Facebook Security Tip: Check to See Who Is Using Your Facebook Account

February 1, 2011 By Harrison Painter

While it is my belief that there is no true privacy when using facebook, security is a much different issue that users need to be aware of. If you have ever been a target of suspicious behavior, and believe someone might have been using your account without your knowledge, please know that there is an “Account Security” area built into Facebook. Here you can check what devices have logged into your account by date, approximate location based on IP address, and device used.

To access these settings, log into Facebook –> Account –> Account Settings –> Account Security.

As you can see in the image below, you can check the box to have an email sent to you anytime a new computer or mobile device logs into your account. I highly recommend you check this box and click save.

You will also see your most recent activity as I described above. If you notice any odd locations or devices that might have had access, you can click the words “end activity” on the right hand side and stop the use.

via Facebook Security Tip: Check to See Who Is Using Your Facebook Account.

May 9, 2011

Hours spent on Twitter? Don’t click on scam spreading virally on Twitter

by Graham Cluley on May 8, 2011

FILED UNDER: Featured, Malware, Social networks, Spam

Another rogue application is spreading between unsuspecting Twitter users, claiming to tell you how many hours you have spent on on the network.

The messages all look pretty similar, and use a currently trending topic such as Richard Dawkins, Cheryl Cole landing the job of a judge on the US edition of “X Factor”, or it being Mother’s Day in the United States.

Richard Dawkins –> I have spent: 23.8 hours on Twitter! See how much you have: [LINK]

#zabecca –> I have spent: 20.9 hours on Twitter! See how much you have: [LINK]

Vidal Sassoon –> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

#5factsaboutmymom –> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

Even though you may have seen one of your friends tweet out a message like this, you definitely shouldn’t click on the link. It will take you to a rogue third-party application which asks your permission to connect with your Twitter profile.

If you do authorise the app it will be able to post messages to Twitter in your name, see who you follow on Twitter, grab your Twitter name and avatar, and update your profile. Now, why on earth would you want to give a complete stranger the ability to do that?

Unfortunately, you may be so desperate to find out how many hours they have spent on Twitter (after all, your friends appear to have already been though the process) that you will authorise the application.

Whereupon, the rogue application will tweet the offending message from your Twitter account. When I went through the process on a test Twitter account I run, I found that it tweeted out the message more than a dozen times in less than 30 seconds.

You may not realise that this is happening, however, as the app is distracting you with a message saying it is processing your results. After some whirring away, it asks you to enter your email address to have your results sent to you.

Stop right there! (if you haven’t already). Are you seriously going to give these complete strangers access to your email address too? They already know your Twitter account name, and can post to your Twitter page – now they’ll be able to email you as well!

Who knows what they might send you? Their plan might be to send you spam, a Trojan horse, or a phishing attack. They even have the cheek to say watch out for the message in your spam folder!

I don’t know what the scammers plan to spam out to you, and it could – of course – be weeks or months before they do, but if you want to find out more follow me on Twitter at @gcluley.

These sorts of rogue applications appear to be popping up more and more on Twitter, whereas previously they were mostly seen only by Facebook users.

If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

via Hours spent on Twitter? Don’t click on scam spreading virally on Twitter | Naked Security.

May 8, 2011

Restaurants Offer iPads & Tweets with Eats – Yahoo! News

It may be impolite to play with mobile devices at the dinner table, but more restaurants are incorporating this type of technology into the dining experience, trading menus for iPads and encouraging customers to send out tweets on Twitter as they eat.

“The trend is only starting to take off now, but in the next few years, restaurants around the world will make technology a part of their core business operations to not only increase customer satisfaction, but also increase business efficiency,” said Jonathan Galaviz, chief economist at the consultant firm Galaviz & Company.

Resd more via Restaurants Offer iPads & Tweets with Eats – Yahoo! News.

May 8, 2011

Congress scrambling to draft ‘do not track’ laws

Lawmakers said Friday they will introduce two “do not track” privacy bills that would allow people to block companies from following their activity on the Internet.

The proposals reflect Congress’ growing focus on passing first-time privacy laws for all Internet users and updating children’s privacy laws as more young people get on the Web through mobile devices.

Web firms generally oppose “do not track” rules, first recommended by the Federal Trade Commission, arguing that companies can create tools to help users manage tracking. Some firms, such as Microsoft and Mozilla, have come up with browser-based privacy controls without government mandates.

In the House, Reps. Edward Markey, D-Mass., and Joe Barton, R-Texas, issued a draft of a children’s privacy bill, called the “Do Not Track Kids Act of 2011,” which seeks to protect the youngest users from tailored marketing and from the risk of exposing personal information without parents’ consent.

The bill specifies that the privacy rules would apply to mobile phone apps, an area unregulated by the federal government. It would require companies to get parental consent to collect location information from children 12 and younger. Teens would have to expressly agree to location collection.

Sen. Jay Rockefeller, D-W.Va., said he would introduce a bill covering all Internet users, making it illegal for websites and marketers to track anyone who had opted out of data collection. The measure would also require companies to destroy user information or make it anonymous once it is no longer useful. The FTC would be in charge of enforcement.

“I’ve asked for a waiver of Senate ethics rules so I can give Sen. Rockefeller a gift he really needs – an iPad,” said Steve DelBianco, executive director of NetChoice, a trade group that represents Web firms including AOL, eBay and Expedia. “The senator can see for himself how interest tracking lets advertisers pay for all those free apps and Web services that regular Americans love to use.”

This article appeared on page A – 5 of the San Francisco Chronicle

via Congress scrambling to draft ‘do not track’ laws.

May 8, 2011

Skype security flaw already patched, but you have to download manually

There’s a big problem with Skype on the Mac: and no, it’s not its ugly UI (although that is a big problem). As noted by Mashable’s (and former TUAW blogger) Christina Warren, the latest version of Skype for Mac has an unpatched security flaw that that allows a person to gain remote access to another’s machine simply by sending a Skype message. The flaw was discovered last month thanks to the work of researcher Gordon Maddern from the firm Pure Hacking. Maddern contacted Skype, who was reportedly already aware of the vulnerability and working on a fix. They then issued a hotfix for the security hole in a minor update (Skype for Mac version 5.1.0.922) on April 14th. However, responding to the issue in an official blog post today the Skype for Mac team said, “As there were no reports of this vulnerability being exploited in the wild, we did not prompt our users to install this update, as there is another update in the pipeline that will be sent out early next week.” What’s that mean to you as a Skype for Mac user? The cat’s out of the bag, and if someone who has the skills to take advantage of the flaw now knows about it, Skype for Mac users who have not updated to version 5.1.0.922 are theoretically at risk. Don’t wait for the automatic update to Skype next week. Be sure and download the April 14th update right now by clicking here, or simply run Skype on your Mac and choose Skype > Check for Updates.
Now about that UI…

http://www.tuaw.com/2011/05/07/skype-security-flaw-already-patched-but-you-have-to-download-ma/#bXpulseX

May 7, 2011

EFF: vote for easy full-disk encryption in Ubuntu!

The Ubuntu Live CD is the excellent, free installer disk for the Ubuntu GNU/ Linux OS; it has a variety of disk tools as well as a fully functioning version of the OS so that you can test-drive it before you install it. However, the standard Live CD image doesn’t come with disk encryption tools; to use these, you presently have to download the “alternate CD” and fiddle around with the command line. The Electronic Frontier Foundation thinks that more people would use disk encryption to protect their data if it was easier to do so, and is hoping to get the Live CD changed to include the disk encryption stuff as standard. Changes to the Ubuntu Live CD are voted on in the Ubuntu Brainstorm site. EFF is asking people who like this idea to upvote it there. I just did –will you?

http://boingboing.net/2011/05/06/eff-vote-for-easy-fu.html?utm_source=feedburner