Thoughts on FB Security Issues

[nujinini]

Hi!

First, please understand that this is not a rant or criticism against Facebook.

My wife and kids have their respective accounts. However, I have been hearing some news here and there about security concerns.

I know it's not FB's fault but it was more due to the innocence of those who registered and have been very open with their personal informations on the site. Once I heard on CNN that wives of CIA operatives assigned in Iraq published pictures of their husband and it caused the Agency to send them all home.

An old friend of my wife found here in FB and started to give the name of her husband, the company where he is working, her cellphone number among other things.

And so, I told my family to be careful on what they publish. No details given not unless needed. Even the dates of their birthdays. I gave them a rule of thumb that they might want to follow and that is to ask themselves the question several times first "Do I really have to give this info?"

"Aren't you being a little bit paranoid?" my son asked me.

Any thoughts please?

[GNU-Fan]

You are completely right with your rule of thumb. I strongly support it and give the same advice to my relatives.

The problem is not specific to Facebook though. I merely think of it as an especially visible symptom of a more general carelessness about private date.

As far as paranoia is concerned, isn't that exactly what parents are for? To admonish the children, which are sometimes careless in their actions.

[Freston]

FB from a hackers*) perspective but if you want to really read something interesting, look at 'he Art of Deception' by Kevin Mitnick. You can draw your own conclusions about your default paranoia level setting, but you are better safe than sorry
My philosophy is that over 95% of people are trustworthy, and 4% are generally trustworthy but perhaps opportunistic. It's less than one percent that you should look out for. In reality, it only takes one crook to steal your bike.
I've had two encounters with social engineers that I am aware of. It /is/ an art. But it also is a thin line. I don't /want/ companies for example looking at my preferred brands and target me in advertising. I don't want to be labelled, tagged, or put in their databases. I have no shred of hope that this doesn't happen. But I'll do my best to minimize it.


*) They mean of course the hackarius blackhattius variety and not Linus or rms

[MASONTX]

A recent article in one of the linux mags (can't remember which one), stated that an underground hacker site had a listing of 1.5 million FB accounts information for sale. It pays to be careful. I wouldn't put any personal info on FB. If someone needs the info, send them an email with the information. It's not paranoia if there really are people out to get you.

[nujinini]

Just read this in yahoo news this morning.

[MASONTX]

We tend to think that we aren't divulging that much in our tweets, blogs, or whatever. In fact, someone who knows what they are doing can piece together a great deal of information about us.
30 years ago, in my military days, I was in a unit that was constantly reminded about operational security and phone security. We all thought that we were about as secure as we could get, that is until an intelligence exercise was run against us. In 6 weeks of listening to our phone calls, monitoring our radio transmission, searching our trash, and listening in on conversations between members at lunch, the barber shop, etc. the intel people pretty much identified the details of 3 classified operations we conducted during that period.
If you aren't very careful with your information, someone willing to put in the time can get your personal data. The easier you make it for the crooks, the more likely you are to be targeted.