Twitter is great place to share your ideas and thoughts and it is an even better place to see others peoples’ ideas and thoughts.

You get to receive a view inside a circle of people that you normally wouldn’t associate with, be it by distance or just the fact that you would be in two different social circles.

But the other side of Twitter is not as nice.

Twitter can also be a place that can be harmful to your computer.

If you are not careful, the wrong account on Twitter can send you a link that can lead you right to a phishing attack.

What Is A Phishing Attack?

Before I start, I should describe what a phishing attack is for people who do not know -

A phishing attack is when a bad guy takes a web site and makes it look like another popular web site.

The purpose is to fool the people who normally go to the other web site and have them type in their online credentials.

They might ask for something as simple as your email and password.

Other times they might ask for your social security and credit card number.

Beware Of Violated Twitter Accounts

If you use Twitter a lot then you know that people’s accounts on Twitter get hacked all of the time.

Sometimes it’s a case of someone guessing their password.

Other times it is a case of a hacker being able to get in somewhere else, such as an email account, and was able to use that information to log into the persons twitter account.

Whatever the case may be, peoples’ accounts on Twitter are always being violated.

This means that you have to be careful when you click on links that people send over Twitter.

Take a look at the URL before you decide to click on it.

Make sure that it is safe.

Also, take a look at the previous tweets that the person sent before they sent that particular link out.

If they seem off or uncharacteristic of the person then you know that you really shouldn’t click on the link.

But hacked accounts are not the only place that can lead you to be exposed on Twitter.

Twitter Spam Bots

There are also spam bots that swarm Twitter trying to get people’s attention.

Most of the bots are harmless and are only used for advertising but that is not the case for all of them.

Some of them have links that will lead you to another web page where you will be attacked.

So the best bet for you to follow is to not click on any links that are sent by spam bots.

Not only can it lead you to become a victim in regards to a phishing attack but also bots are a nuisance and you are only encouraging the people who use them by clicking on the ads.

If you are a person that uses Twitter then you should be aware of phishing attacks on the service.

If you are careful on what links that you click, then you should be able to avoid them.

Why You Need To Beware Of Phishing Attacks On Twitter is a post from: Security FAQs

We all like Facebook.

Well, most of us do.

we all like Facebook, right?

Even though it has been under attack the last couple of years by privacy advocates, the press, and the black hat hacker community, it is still a nice service.

There is no other way on the internet to easily be able to find people from your past.

There is really no need to go to a high school reunion when you are able to see the updates of people you went to school with everyday on Facebook.

So, even though I do not want to hop on the bandwagon and criticize Facebook, there is a real problem that must be addressed, several of them in fact.

I will take the time in this article to discuss one of the problems that have been introduced to the Facebook community.

This is a problem with the “Like” button that is being spread across the internet.

How The ‘Like’ Button Is Being Exploited

When people log onto Facebook, they are now seeing something that they haven’t in the past.

The “Like” button.

This button has been around for the past six months and users are just now getting accustomed to using it.

Facebook also expanded its use by letting web pages put up their own “Like” button on their sites.

This way, people are able to click on the button and tell their Facebook friends which web sites that they like.

Black hat hackers have taken this idea and made it part of a click jacking attack.

They somehow trick a person into giving them their Facebook credentials.

Once the credentials are had, they log into the account and make the “Like” buttons in the account point to a web page of their choosing.

Usually this web page is filled with ads from different places.

Unfortunately for the person’s friends in the account, they cannot see the ads because they have been made invisible.

All they see is part of the web page that looks intriguing.

They may click on a part of the page and unbeknown to them, they are actually clicking on an ad.

So the attacker was able to take over the account and trick some of the user’s friends to click on an ad on another web page.

How To Stop The Exploit From Working

There are a couple of ways that you can stop an attack like this from working.

The first step is that if you feel as if you gave your log in information to the wrong place, change your password immediately.

It is better to be safe than sorry in a situation like this.

Also, before you place your log in information inside of a web page, make sure that you are actually on a Facebook page.

Check the URL of the web site to be sure that you have not been tricked.

Keeping Facebook Safe

If you follow these rules then you will be sure to keep your account and the friends that you have on the account safer from click jacking attacks in the future.

Facebook’s New Feature, The “Like” Button, Is Being Used For Cyber Attacks is a post from: Security FAQs

Most people in a certain age bracket have been to Facebook.

If you have not been on there, then you would not know about some of the culture that happens on the service.

People like to use different applications while they are on Facebook.

The applications range from quizzes, to guessing contest and everything else in between.

One of the more popular applications on the service is one that is known as Farmville.

watch out for black hat hackers on Farmville

It is a game where people are able to tend their farms and socialize with people who are doing the same thing.

As with anything else that is popular online, once something starts to grow, it will attract the attention of both good and bad people.

Farmville is popular enough that it is starting to attract attention from the wrong kind of people.

In this article I will show you what to look out for when you are playing and learning about Farmville.

How The Farmville Game Works

The game of Farmville is really simple -  you have a farm and you have to make the farm successful.

You are able to do this by planting certain crops and making sure that they grow.

When they are grown you can sell them and start the process all over again.

This seemingly simple game is starting to get people hooked on it.

In fact, they are hooked so much by it that they actually go out and purchase manuals and other items that they can use to advance to higher levels in the game.

Some of the items that they purchase are even scripts that will allow you to cheat in the game and this is where the bad guys come in.

How The Bad Guys Affect The Play Of Farmville

The bad guys are able to affect the play of the game by either cheating in the game or selling the items that will allow other people to cheat.

However, cheating in the game may be the last problem that you have to worry about when it comes to hackers that have targeted Farmville.

In some of the cheat codes that they claim they offer there are Trojans that are implanted in them.

These Trojans can do many things to your system but the most likely scenario is that it turns your system into a zombie on a botnet.

This means that your system could be sending out spam, DDOS attacks, porn, and other items without you knowing about it.

The black hat hackers will also affect the game by placing links inside of it that they hope to trick people into clicking.

These rogue links have the same effect as the corrupted malware that I mentioned earlier.

Protecting Yourself On Farmville

When you play Farmville make sure that you are aware that there are people that are trying to game the system.

While playing Farmville might be fun and games at first, if you are not careful then someone might plant something on your system that you do not want.

Is Farmville The New Haven For Black Hat Hackers? is a post from: Security FAQs

If you have been following the news lately you would have seen that Twitter was recently slapped down by the FTC for violations in their privacy agreement.

The problem for Twitter started when a hacker named Francois Cousteix was able to break into their systems and take control of a few celebrity Twitter profiles including one that was owned by then presidential candidate Barack Obama.

Twitter showed an alarming lack of security practices during that time.

There were account takeover’s being reported all of the time when this attack happened.

The company now claims that it was an issue of the past and that all of the new regulations that the FTC has forced upon it have already been taken care of in house since that time.

The company claims that they were young and that they didn’t have the capabilities at the time to stop such an attack.

But, even though this was a problem two years ago, it still begs the question, how much can you really trust social networks?

how much trust should you place in social networks?

The Security Issues Of The Past

All of the popular social media web sites in the past five years have had some sort of problem when it comes to security.

The more popular the web site, the more pervasive the security issues were.

When MySpace was king of the hill when it came to the social networks they would always have problems when it came to security issues.

A person would be able to get their account taken away from them by a hacker in many ways.

One of the mains causes was the fact that MySpace used to allow the embedding of Flash in the comment post, meaning there could be cyber attacks just because someone decided to visit a profile.

This may have been a big reason why people were in a hurry to migrate over to Facebook.

The Security Issues Now

Even though it is not as easy as it was two years ago to be able to attack people on a social network, the threat still remains.

Everyday there are people on both Facebook and Twitter that have problems due to security issues.

Facebook has especially been hit hard by these problems in the last few months.

There are a ton of XSS and phishing attacks that are being propagated on Facebook every day and, just like on Myspace, these attacks allow an attacker to take over the person’s account.

Sometimes the results of the attacks are even worse.

Since more people are using their Facebook account as a replacement, or at the very least a complement, for their email account, they have more private information being stored inside of the service than they did on Myspace.

This makes the need for more security even more real on these types of services.

When you are using social media web sites you should always be aware of the cyber threats that can happen on the service.

Use them, but be careful on how you interact with the people on the site.

How Far Would You Dare To Trust The Social Networks That You Use? is a post from: Security FAQs

When you are a web site that is as big as Facebook there are bound to be many bugs and vulnerabilities that will slip past you.

It happens in non-web based software, it is going to happen in web-based software as well.

When you have a project that becomes as big as Facebook is the code becomes very complicated – we are talking about millions and millions of lines of code that must be maintained and kept to make sure that there is no way that someone can take advantage of a mistake.

Even with all of these precautions, however, there is still a chance that someone will be able to get through.

They will be able to see a hole that no-one has previously been able to see and use it for some kind of exploit and that is what this hole is.

The hole is a way for someone to be able to take the code that is in Facebook and create a problem for the end users.

The hole is based on a CSRF attack.

Cross Site Resource Forgery Attack

A CSRF attack is also known as a Cross Site Resource Forgery attack.

An attack such as this allows you to trick a person that is already logged into one of their accounts and change some of the information that is on there.

Using this technique on Facebook, an attacker was able to set up a proof of concept attack that would allow a person to hijack another person’s account and change some of the data on their without the original person knowing.

In the proof of concept attack they only deleted the user’s friends.

Theoretically, they could do a whole lot more than that though.

They could change information on there that would either trick you or the people on your friends list into giving up very valuable information about them.

An attack like this cannot be underestimated.

When a person has the ability to be able to manipulate another person’s logged in account there is no telling what kind of damage that they could do.

This type of attack has happened in other areas such as with peoples’ bank accounts – they were able to use the same techniques they used with Facebook and get people to send all of the money in their accounts to people that they didn’t know.

So far it seems that Facebook has taken this security hole seriously and has already patched it up but it is unfortunate that this had to happen since it is just one in the latest of security holes that Facebook has seen against its web site.

The more popular that Facebook gets, and the bigger that the code base grows, the more they are going to see this type of attack.

This is why both Facebook and the users of the service must be vigilant against these types of attacks.

Proof Of Concept Attack Shows How A Hacker Could Use A Hole In Facebook To Delete Your Friends List is a post from: Security FAQs

Update: I’ve now created a page with all my #infosec follows on and in alphabetical order which should make it much easier to navigate. Find that list here.

I don’t know about you but I often find that one of my favourite pastimes, Twitter, can be a little slow over the weekend.

What better way to spend those quiet hours then than finding a whole host of quality new people to follow?

I’ve written up a couple of lists before – 50 infosec nuts to follow on Twitter and 21 security-minded people to follow on Twitter – but 71 people just isn’t enough is it?

Here are some more great people I’ve discovered who tweet interesting and informative comments and links about security on everybody’s favourite social networking site -

1. paperghost
2. secthreat
3. cedricpernet
4. TimelessP
5. cyber_risks
6. vlna
7. andrewallen
8. nigroeneveld
9. security4all
10. FSLabsAdvisor
11. tonys3kur3
12. ChadChoron
13. anton_chuvakin
14. georgevhulme
15. Dejan_Kosutic
16. codigoverde
17. denvercyber
18. vfoliveira
19. secureideas
20. mckeay
21. Hacksec
22. jack_daniel
23. HackerTheDude
24. danphilpott
25. ghostnomad
26. michaelmknight
27. suffert
28. miscsecurity
29. mikerigsby
30. vnsec
31. jcanto
32. ABCecurity
33. security_freak
34. securls
35. Raykoid666
36. jeremiahg
37. safeeyes
38. sans_isc
39. ThePraetorian
40. DanRaywood (even if he is a Spurs fan!)

Oh and of course theres me too – FOLLOW ME!!

As ever, if you tweet about information security or any related topic and you don’t feature on any of these lists then please do identify yourself via the comments below.

Some Weekend Reading For Twitter Fans – 40 More Security People To Follow is a post from: Security FAQs

Not more than ten years ago it would take a little leg work for a potential attacker to be able to get enough personal information about you to be dangerous.

The spread of personal information on the Internet is a recent phenomenon.

There were some local government web sites online that would give out your deed information.

Also there were other sites online that would give out your telephone number and maybe your address.

Just like the local yellow pages used to do.

Do You Share Too Much Information?

These days you may be giving out way more information than that and not even realize it.

Most people do not understand exactly which piece of information could end up hurting them.

They believe that if they protect their credit card and social security number, that will be all of the protection that they will ever need.

People post a lot of personal information on social networking sites such as Facebook that can end up hurting them.

Now Facebook realizes the situation and has done something about it.

Facebook has decided to make their privacy controls more accessible for everybody.

At the same time they allow you to make more of your personal content private even from friends in your personal network.

Enforced Privacy Settings

The new privacy settings will be forced upon users.

You can chose the skip the process a couple of times but eventually they will force you to chose a setting.

The choices are pretty similar to what they were before, friends, friends of friends, private and everyone.

The difference is in the parts of your personal information that you allow people to see.

Before if they were your friends they would be allowed to see everything about you.

Now you can choose to shut off different parts of the data such as where you work, your Birthday and your political and religious leanings.

This allows the person to feel comfortable about putting that information on the Internet without the fear of someone using it against them.

This is a good time for those changes to be done.

With more and more people learning how to use social networking to their advantage, some of the new people are leaving themselves vulnerable to cunning attackers that would use the personal information against them.

Now they have an easy to walk through wizard that allows even a new person to understand the privacy settings.

Facebook has had their share of privacy issues in the past with the Beacon program and the ability of advertisers to be able to use a friends profile as a recommendation engine for their products.

This time it seems like they are on the right side of the privacy issue.

In the new era of openness there are still some things that you should not want out in public.

Are Facebook Now Getting Serious About Your Privacy And Security Issues? is a post from: Security FAQs

If you are an IT network administrator at a large company, then there are certain web sites that you must decide to block, for the safety of the company’s Intranet.

Each company makes their own decision on what to block, whether it is certain software or access to certain web pages.

Most of the time, when they block these web sites, there is usually a good reason.

There is usually a known security problem with the application or web site in question.

Sometimes they block a web site just because it is not conducive to the work environment.

Now there is a real popular web site that may come under the chopping block of several major large corporations.

And the employees will not be happy with this decision at all.

Should Companies Block Facebook?

The web site that is up for serious discussion is Facebook.

According to the 2010 Sophos security report, companies that allow their workers to go to Facebook, have seen a 70% rise of malware on their network computers.

This is an alarming statistic.

This is not something that a network administrator can take lightly.

There is a lot of vital information that may be on the company’s servers and an employee’s right to access a social media site during work hours should not override that.

When Facebook introduced their third party application network, there were huge security holes that were introduced.

This is now starting to be a problem for corporations and also some home users.

Now the number, 70%, can be misleading in this case.

Spam Is Annoying But Less Of An Issue

That number not only includes malware but spam as well.

Spam is not considered especially dangerous, but it can have some harmful elements to it.

Also it can clog up the companies network, taking up valuable bandwidth.

Even though the actual malware number may not be as high as 70%, it still is a pretty high number and must cause alarm.

The hackers know that there are people in the corporations that use the social networks.

So some may be ambitious enough to also try to penetrate the corporate network through the employee and try to pull corporate secrets.

IT administrators have a big decision to make when it comes to blocking Facebook on their corporate networks or not.

A choice such as this can make a lot of users become very unhappy.

They will not understand the security risk that is involved.

This is why, if you decide to block it from the network, you must then explain to them why it has be done.

They will probably still be upset, but will get over it a lot quicker.

With The 70% Rise In Social Malware, Should Your Company Block Facebook? is a post from: Security FAQs

Update: I’ve now created a page with all my #infosec follows on and in alphabetical order which should make it much easier to navigate. Find that list here.

Back in April I compiled a list of 21 people who had an interest in internet security whom you could follow on twitter.

It was quite popular at the time and yesterday, for reasons unknown, I spotted a large amount of visitors checking it out again.

That has prompted me to produce this larger list which contains many of the new infosec fans and experts I’ve discovered over the last few months.

This is just a small number of the people I  follow so if you find the list useful please let me know and I’ll add another in the near future.

(By the way, don’t forget to follow me!)

Enjoy -

1. alexandrosilva
2. BruceHallas
3. TruSecure
4. BrianHonan
5. gcluley
6. rik_ferguson
7. spywarevoid
8. FSecure
9. SpywareLady
10. kakroo
11. racheloconnell
12. MBenLakhoua
13. SecurityTube
14. komeilipour
15. securitypro2009
16. CyberSafety808
17. ISA_808
18. IntraGard808
19. FortaliceLLC
20. CyberCrime101
21. IncomingThought
22. sirjester
23. nselby
24. LARosen
25. jopirc
26. IBMFedCyber
27. infoseccynic
28. HackThisOrg
29. mattputvinski
30. Luis_Corrons
31. javiermerchan
32. FSecureUKTeam
33. _Bharath
34. teksquisite
35. regsecurity
36. securityninja
37. vaklove
38. n3td3v
39. helpnetsecurity
40. RayDavidson
41. roercom
42. Infosecurity
43. securitystuff
44. xaocuc
45. SCmagazineUK
46. kairoer
47. Beaker
48. briankrebs
49. hollistondad
50. stiennon

50 More InfoSec Nuts To Follow On Twitter is a post from: Security FAQs

The hackers have discovered Facebook and they like it.

Of course I am just joking, there have been holes in the basic Facebook model for a while now.

There have been exploits that have penetrated through their app model and also other ways too.

It is only now though that the group features of Facebook have come under scrutiny.

When people join Facebook, until they start to friend people that they know, they look for things to do on the service.

They try to see what all of the hype is about and so they start to explore the features that Facebook offers.

Facebook Groups

Usually this road will turn them onto the groups section of Facebook.

At best they seem to be loosely regulated and there are dangerous sections on there that people are now just starting to talk about.

Anyone who has a Facebook account can set up a group on the service.

It is pretty easy and when done in good faith, can join a big group of people together onto a topic that interest them all.

There have been people who have become real good friends and maybe even more through the Facebook groups.

Overall people really seem to like the feature.

But as we said earlier, some of the groups have been started only to deliver an exploit to Facebook users.

Security companies are reporting everyday about the severity of the infectious viruses that have been found in the groups section.

Unfortunately this is not only a Facebook problem.

When Myspace was on the top of the social media world, their group functions became a haven for exploits as well.

The problem got so bad, that the group features became less and less used all of the time.

By the end of the exodus for most people from Myspace to Facebook, barely anybody would use the group features anymore.

Action Required

This same fate can await Facebook groups if they do not do something about it soon.

Besides moderating their forums better, the one thing that Facebook can do, is to warn people about the problem.

This needs to be  better than they have done in the past.

If you are not getting rid of the phony groups in a fast enough manner, then at the very least, tell people about them.

I know that it looks bad when you have to tell people that a part of your system may be insecure but you at least owe them that much.

If you are not able to get the job done, then don’t put your users at risk for your mistake.

Facebook has a long way to go before they make the group section secure enough for people to feel completely safe.

It is too easy right now to place a link that goes anywhere on there.

I would recommend to people, that they study the group for a little while before they join it.

If it is not an active group, then most likely it is not one that you want to join.

No matter the topic, there are other groups that will talk about it.

If there isn’t, then start up your own.

That way you knows its safe.

How Can Facebook Groups Pose A Security Risk? is a post from: Security FAQs