Complicate Your Password Reset Security Questions

It’s a crazy world out there and you need some protection for your security questions, so I’ve penned this post as an effort to help. On more than one occasion I’ve seen a friend find themselves in a sticky spam situation because of their password reset security question(s). Spammers (I call them criminal hackers) are getting more sophisticated and storing the ‘Password Reset Security Questions & Answers’ associated with your account / email, etc. in their systems. It’s rather easy to do if you take a second to think about it.

This is how it works. Basically, the hacker gets hold of your password and/or your reset question and stores it in their database. You notice your email has been hacked, change your password, then miraculously the spammers get access to your email again. Basically they are storing your ‘easy’ and ‘verified’ password reset / security questions. They then reset your password at their leisure, regain access to your account and let the spamming resume.

Here are a few tips to keep them out.

1. Write Your Own Security Question
If there is the option (the best sites on the Internet provide this option, i.e. Google), always write your own password reset question and make it cryptic so only you know the answer. Example: ‘What will you name your future rocket ship?’ => answer ‘Mount Fuji’. Something as off kilter as this would make it extremely difficult to guess. First, it’s hypothetical and only you know the answer. Second, the reference to a land mass directly conflicts with what the normal thought process would be for the answer. Make it meaningful enough that you’d remember it, but again the point is to reference something only you could possibly know.

2. Add A Layer Of Complexity To An Easy Security Question
Most default security questions provide very low security. The reason is the default security question is often something like ‘What was the name of your first pet?’ or ‘What is your mother’s maiden name?’. These are the *worst* security questions because it is extremely easy for a hacker, or someone that knows you, to obtain the answer.

For your first pet, I recommend choosing the name you *wanted* to name your pet but didn’t get a chance to and/or will name your pet. For your mother’s maiden name you could choose the nickname you have for your mother. Something along those lines adds a layer of complexity to what are very simple questions / answers to find via Google.

3. Change Your Reset Question To Another Option
If you always choose the ‘What is your mother’s maiden name?’ question, change and choose something more challenging or abstract. Try changing your question to one you don’t have a ‘real’ answer to, but make up something and remember it.

Hope this helps. If you haven’t read my post on The Basics of Creating Strong Internet Passwords, I highly recommend it. Peace!

Facebook App Scam

Almost every day I see some scammy app working its way through one of my friends’ Facebook lives. Sucks because these guys prey on unsophisticated tech users. This morning, Techcrunch is reporting on another.

It’s impossible to be aware of all of these scams and, as I’ve mentioned, they usually pop up on the weekends (for good reason, because it’s harder to notify the proper internal chain of command at FB to kill the app), so do your best to not get fooled by educating yourself on the common pitfalls.

If you didn’t catch it before, again check out my post regarding Tips On Avoiding The Facebook Scam. Best!

Facebook Friend Request From The Government

Early on in this blog I worked to mention a few reasons why one shouldn’t be accepting friend requests from someone they don’t know and posted about what I call the ‘Facebook Common Friend Request Trick’, where someone (or something) tries to friend you on Facebook in an attempt to data mine your private information. Well, here is another reason you shouldn’t accept that random request … it may be big brother spying on you!!!

This weekend I spotted an article on All Facebook that references a Huffington Post article about documents recently obtained by the EFF (Electronic Frontier Foundation). In short the EFF obtained a government document from the Office of Fraud Detection and National Security that includes such quotes as:

“Narcissistic tendencies in many people fuels a need to have a large group of ‘friends’ link to their pages and many of these people accept cyber-friends that they don’t even know,” … “This provides an excellent vantage point for FDNS to observe the daily life of beneficiaries and petitioners who are suspected of fraudulent activities.”

Let me translate. The government has been exploiting the fact that you accept random friend requests and checking up on you. Surprise! Apparently though this was used (so they say in this case) to monitor immigration/citizenship fraud. Doesn’t seem a far stretch that it may also be employed by other U.S. agencies. I’m just sayin’.

Read the articles below:
Applying for Citizenship? U.S. Citizenship and Immigration Wants to Be Your “Friend”
U.S. Government Using Facebook For Surveillance
U.S. Government Exploits Our Facebook ‘Narcissism’ To Detect Fraud, Fake Marriages

United Airlines Facebook – United Ticket Agent Scam

I just logged in to Facebook and quickly noticed a scam running through my friends’ pages regarding a ‘Cheap deal on United Airline Tickets’ from United Ticket Agent. I’ve previously noted that these scams tend to happen on the weekend (my belief is they are taking advantage of fewer FB employees being in the office).

I’ve previously given Tips on Avoiding The Facebook Scam which I recommend reading as a refresher.

Here is how I quickly determined this was a scam.
1. The post was out of place for the person who posted it. This is how it appeared on my friend’s wall. The wording ‘Off to see Mom and Dad’ was very off for the person who posted it (whom I also know).

2. The second I clicked on the link, the application looked ‘suspicious’ and tried to access personal information including ‘posting’ on my wall. Huge red flag!

3. Clicking on the application page, I noticed an oddly ‘low’ number of users for an ‘official’ United Airlines application and a ‘bad’ review that read ‘scam’.

4. The developer was some chick having a drink at a music festival. I mean come on, I don’t doubt there are female developers out there that like to have a drink, but this is just out of place for an official Facebook app from United.

End result. SCAMarooski! Don’t be fooled! If you notice someone posting the ‘deal’ on your ‘wall’, it’s because they accidentally clicked on the app. Best thing to do is delete these posts so your friends don’t get tricked!

The #1 Reason You Should Change Your Email Password

Embarrassment.

This is inevitably what happens when someone hacks into your account and starts spamming everyone you know with an important message that you’ve got some great viagra for sale … on the cheap!

My buddy from college learned this the hard way (he’s an MD) when his email was hacked. The list of recipients spammed included the dean of his med school. Maybe he thought it was medical advice? I think you get the point.

Again, the best way to prevent this is making sure your password is *strong*. See The Basics of Creating Strong Internet Passwords for a primer on choosing the right password. Also remember spammers often target your old ‘orphaned’ email accounts (i.e. Yahoo / Hotmail / AOL). Best advice is to go back and close those accounts and/or change the passwords to something extremely complicated.

Related:
Old Yahoo Email Accounts Getting Hacked
What To Do When Your Email Is Hacked

Facebook Friend Request – To Accept Or Not To Accept?

So you’re on The Facebook and you’ve got a few friend requests you may be sitting on. I’m here to tell you that doing this can potentially have an effect you may not be comfortable with … putting your data front and center for someone you really don’t want to share that information with so accessibly.

Here is the scoop. When someone makes a ‘friend request’ to you, Facebook automatically starts inserting your ‘public’ posts (status updates/link sharing, etc.) labeled for ‘Everyone’ into the news feed of the requester. Now you could make the argument that if you’re sharing info to ‘Everyone’ on Facebook, they could easily just surf on over to your page. This is true, but by implementing the feature to work this way, FB made it 20x easier for this individual to monitor your public activity. If you’re actively logging in and updating your public feed while sitting on their request, they are now also acutely aware you’re playing it cool and putting them in Facebook limbo. Cover blown.

Anyway, Techcrunch reported about this back in July of 2009, so this isn’t exactly news to me, but most FB users aren’t aware of the implication of ignoring requests. Adding insult to injury, the FB team recently swapped (Aug 2010) ‘Ignore’ with ‘Not Now’, which now puts these requests into this state indefinitely if you choose to simply bury them. You’ll have to click on the requests page to actually ignore them (though this won’t block a user from having the ability to try again). To block them forever, you’re required to click ‘Don’t Know Person’ when prompted after clicking ‘Not Now’. Confusing? Yes, it kind of seems like it was designed to be confusing.

In Short
* To permanently block someone when you get a request, click ‘Not Now’ -> ‘Don’t Know’. They will not be able to request you again.
* To ignore a request but not permanently block them (in case you two meet later and become drinking buddies) click ‘Not Now’ -> the ‘Take Action On The Requests Page’ link -> Then click ‘Ignore’
** Again, if you *only* click ‘Not Now’ then continue your Facebook surfing, they will go into this limbo pending state

Hopefully this helped clarify a few points of confusion.

You can read the relevant posts on Techcrunch below:
Facebook Has Quietly Implemented A De-Facto Follow Feature
Facebook Makes Baby Steps Towards Its Twitter-Like ‘Follow’ Feature

Tips On Avoiding The Facebook Scam

The only thing I dislike more than a spammer is a scammer. These guys are Internet crooks that use misleading tag lines to persuade users to click on deceiving links in an effort to access some sort of information from them or drive Internet traffic to a particular web site. Here are a few tips for avoiding the scam.

1. Learn How To Recognize A Scam
Be extremely skeptical of what I call the ‘Red Curtain Trick’. These pages usually ask you to ‘Like’ their FB page first or install their application, then they will reveal to you all the glory of their secret page, exclusive content or special access to a new Facebook feature. Often they also require that you invite a certain number of your friends before you can ‘gain access’. These pages have scamarooski written all over them! A few recent examples of this are:

* The Facebook See Who Has Viewed You Scam – This scam offered the lure of seeing who has viewed your Facebook page. What you need to know is that Facebook does not make this possible.

* Install A Facebook Dislike Button – This scam claimed to install a Facebook dislike button, spreading the viral message ‘I just got the Dislike button, so now I can dislike all of your dumb posts lol!!’. Again, the key thing to note here is that this feature does not exist. The scammers are simply playing off consumers’ interest in such a feature and updating their status without their approval. (see pic below)

Another thing to beware of is the infamous ‘Take Our Survey Then’. When an untrustworthy site asks you to fill out a survey, usually they are collecting data about you that they are going to sell to other marketers and spammers. They may lure you to do this by promising a ‘Free iPad’ or exclusive access to something new. This leads us to our next point.

2. Do Some Quick Research
Usually all it takes is a quick Google search and most scams are exposed or debunked almost instantly. Try searching across recent news articles on Google News. Taking a quick minute to search the catch phrase or application name can save you from a serious privacy headache. If there was a new Facebook feature it would definitely be picked up in the mainstream media news, or announced on the Facebook blog.

3. Check The Facebook Security Page
Facebook has a page dedicated to user security here. They’ve done a good job of updating this page with the latest scams across the network.

4. Ask A Trusted Friend
Still not sure if you’re being scammed? Everyone has their go-to techie friend they can trust. Ask yours if you’re being had.

iPhone Photos Reveal More Than You May Realize

My brother Alexander sent me a great link this morning to a NY Times piece on geo data, smart phones and the privacy implications of uploading iPhone/Android photos to the Internet. Article link here

Here is the gist. The GPS built into your iPhone/Android automatically tags each photo with the location where you took that photo (you have the option to turn this off). Most tech geeks (myself included) think that kind of stuff is cool, but what you find is that most non-techies have no idea this is happening. What happens next is that a lot of users upload these photos to various nooks and crannies of the Internet. The result is you’re basically broadcasting the exact geo-location of that photo to everyone on the Internet.

To give you an example of how this works, anyone could easily take from the Internet what seems like a harmless mobile uploaded photo, like the photo below that I moblogged a few months back on my blog, and start to extract some interesting data from it.

With the Firefox extension Exif Viewer installed, a slightly more skilled user can enter the photo URL into their browser and quickly discern that this photo carries the following GPS lat/lon:

GPS Latitude ===> 37° 48.38′ == 37.806333°
GPS Longitude ===> 122° 28.13′ == 122.468833°

Plug these numbers into Google Maps and you can find out the exact location of where I took this photo (see here). Of course it was probably pretty obvious where this photo was taken, but you can start to see where it gets sticky when one is moblogging photos from their residence and/or their friends residences.
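To make the conversion concrete, here is an added Python example (not from the original post and not the Exif Viewer extension’s code) that turns EXIF-style GPS rationals into the decimal degrees you would paste into Google Maps, and then strips the tags so the photo can be uploaded without a fix. The sample GPS entries are constructed to reproduce the 37° 48.38′ / 122° 28.13′ reading above and assume a West longitude reference, which is what gives the negative sign Google Maps expects.

```python
from fractions import Fraction

# Constructed sample of an EXIF GPS IFD, keyed by tag name for readability.
# Each coordinate is three (numerator, denominator) rationals: degrees, minutes,
# seconds. A phone that writes decimal minutes leaves seconds at 0/1, which is
# why the reading above shows 48.38' rather than 48' 22.8".
SAMPLE_GPS = {
    "GPSLatitudeRef": "N",
    "GPSLatitude": ((37, 1), (4838, 100), (0, 1)),
    "GPSLongitudeRef": "W",  # assumption: West, as for a Bay Area photo
    "GPSLongitude": ((122, 1), (2813, 100), (0, 1)),
    "GPSAltitude": (12, 1),  # metres above sea level, also location-revealing
}

def dms_to_decimal(dms, ref):
    """Convert (deg, min, sec) rationals plus a hemisphere letter to signed degrees."""
    deg, mins, secs = (Fraction(n, d) for n, d in dms)
    value = deg + mins / 60 + secs / 3600  # exact arithmetic, no float drift
    if ref in ("S", "W"):                   # south and west are negative
        value = -value
    return float(value)

def extract_location(gps):
    """Return (lat, lon) rounded to 6 places, or None if the photo carries no fix."""
    if "GPSLatitude" not in gps or "GPSLongitude" not in gps:
        return None
    lat = dms_to_decimal(gps["GPSLatitude"], gps.get("GPSLatitudeRef", "N"))
    lon = dms_to_decimal(gps["GPSLongitude"], gps.get("GPSLongitudeRef", "E"))
    return (round(lat, 6), round(lon, 6))

def strip_location(gps):
    """Drop every GPS tag: removing the whole GPS IFD is the safe pre-upload choice."""
    return {k: v for k, v in gps.items() if not k.startswith("GPS")}

if __name__ == "__main__":
    print("before:", extract_location(SAMPLE_GPS))                  # (37.806333, -122.468833)
    print("after: ", extract_location(strip_location(SAMPLE_GPS)))  # None
```

To run this over real photos with Pillow, `Image.open(path).getexif().get_ifd(0x8825)` returns the GPS IFD keyed by numeric tag (1 through 4 for the two refs and two coordinates) with IFDRational values, so map those onto the names above first.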

As the article notes, it’s pretty difficult to avoid all the privacy holes in modern technology, therefore the best tactic really is education to help users understand what they are doing. If you’re interested in disabling geotagging on your iPhone, icanstalku.com has information on disabling it here. Anyway, hope this helps bring you a little closer to understanding digital privacy.

Old Yahoo Email Accounts Getting Hacked

I’ve been noticing that a lot of my friends’ old Yahoo email accounts have been getting ‘cracked’ (or what you’d most likely call ‘hacked’) lately. I literally get spam from an old friend’s Yahoo email account almost every day. I’m going to take a wild guess that this is most likely due to a weak password issue.

If you’ve got an old Yahoo account, be proactive and protect yourself by going back and updating your old email account passwords or deleting them entirely. I wrote two long pieces on this previously. Please, please check them out. To make updating your Yahoo account easier, here is a link to your account page. If you can’t remember your password, check out this link.

The Basics of Creating Strong Internet Passwords
What To Do When Your Email Is Hacked

Photo courtesy of dru!

The Facebook Common Friend Request Trick

This trick is one of the easiest I see my friends on Facebook fall for. It starts with a ‘friend request’ from someone you’ve never heard of, and you notice you already have ‘a friend’ in common with that person.

By the time the scam targets you, you may have as many as 50+ friends in common with that person, if this scammer has been successful. It’s quite possible that this person has set their hometown, school, university or workplace to match yours.

So what do most people do? They assume they just don’t remember the person and ‘accept’ the friend request.

This is *hugely* problematic as it creates all sorts of security breaches.

1. You’ve just reduced the strength of your network by allowing someone you actually don’t know into it.

2. They will then target your friends, who will think that you know them because you’ve just provided validation that you do.

3. They will probably instantaneously download all of your personal data (address, numbers, friends, pictures, etc.) to some server in another country (e.g. Russia, China, etc.)

You see, what is happening in the background is that you are exposing all of your private data and pictures to someone (or a robot) that you don’t even know.

Here are some suggestions I hope you take seriously.

1. Comb through your Facebook friend list and immediately remove anyone you have never met or are not sure how you know.

2. The next time you receive a similar request forward it to someone that you have in common and ask if they know them. I’ve done this several times and the answer is always ‘NO’.

3. If you strongly feel this person is real, write that person a message asking them to remind you how you know them. Strong chance you will not hear back.

4. If you notice your friends have fallen victim to this scam, post a link to this page to help educate them, especially as a comment under the fake person they just accepted.

5. If you feel strongly about removing that person from your friends’ networks, think about starting a Facebook group dedicated to ‘outing’ that person and invite all your friends that have fallen for the trap. Give it a catchy name like ‘Lynn Patterson is not a real person, don’t accept her request’.

I hope this arms you with some good information for the future ‘friend request’.

If you’ve got a topic you’d like to hear from us on, please send us an email.