Shared Security Podcast

This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Quick update on Diaspora (pronounced Di-as-para).  Here is a video update as well. FTC nails Twitter for deceiving users about privacy and security HTTPS Everywhere Firefox extension from the EFF Persistent XSS on Twitter.com Interesting New Twitter Phish Can Lead to Bad Places Facebook Rolls Out Simplified Application Permissions System Facebook Phonebook Is Not A Security Threat NTIA (National Telecommunications and Information Administration) has received the report of the Online Safety and Technology Working Group (OSTWG) “Youth Safety on a Living Internet” (2.42 MB PDF file) Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 16 – Diaspora News, FTC and Twitter, Twitter XSS, Facebook App Permissions appeared first on Shared Security Podcast.

This is the 15th episode of the Social Media Security Podcast recorded June 11th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Our Facebook Privacy & Security Guide has been updated to v2.2.  We are working on the LinkedIn Privacy & Security Guide! How to permanently delete your Facebook account Quit Facebook Day – May 31st was it successful? Facebook Leaks Usernames, User IDs, and Personal Details to Advertisers Facebook Fixing Embarrassing Privacy Bug (CSRF). Video here. Facebook “likejacking” targets World Cup, BP, Shrek, UFC, … ReclaimPrivacy.org – Facebook Privacy Scanner Facebook firehose comes to Bing Formspring.me XSS flaw MySpace Announces New Privacy Controls Social media pose the latest challenge in separating work from personal spaces Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 15 – Current Facebook Security Issues, New Privacy Tools, Likejacking, Formspring, Social Media at Work appeared first on Shared Security Podcast.

This is the 14th episode of the Social Media Security Podcast recorded May 14th, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With Instant Personalization (two XSS holes in a few days discovered) Want to know what Cross-Site Scripting (XSS) is and how it works at a basic level? Check out Episode 2 of our podcast. Facebook Leaks IP Addresses via Email Facebook is dying, social is not.  Is Facebook overplaying your hand? Diaspora “The Open Source Anti-Facebook” raised $133,182 (close to 4,000 supporters!) Dispite all this…Facebook Rolls out New Security Features What does Facebook publish about you and your friends? Searching the OpenGraph. I Can Stalk U – Raising awareness about inadvertent information sharing Swipely aims to take over where Blippy left off Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 14 – Recent Facebook Hacks and Controversy, Diaspora, Swipely appeared first on Shared Security Podcast.

This is the 13th episode of the Social Media Security Podcast recorded April 30, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: New Facebook Changes – Social Graph, Social Plugins and Instant Personalization.  Here are two articles to read on the new changes. Want to know more about the new Graph API? Read Facebook’s documentation. Tom updated his Facebook Privacy & Security Guide to version 2.1.  This update includes all the latest changes to Facebook.  Download and share with friends and family! Opps. Blippy Users’ Credit Card Numbers Exposed in Google Search Results. Does it really matter? They just got more funding! 1.5 million stolen Facebook IDs up for sale Twitter to remove Basic Authentication for Apps.  Only OAuth allowed now. That’s a good thing! Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 13 – Details on the recent changes to Facebook, Blippy CC issue, Bye bye Basic Auth appeared first on Shared Security Podcast.

This is the 12th episode of the Social Media Security Podcast recorded March 28, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Facebook is about to implement a new Facebook Privacy Policy and Statement of Rights and Responsibilities.  We put together a blog post of some must read articles on the topic. Rumor is that Facebook is going to use QR Codes as part of their Geolocation strategy (mentioned by Tom). Joan Goodchild from CSO Online interviewed Tom and Scott for an article titled: 10 Security Reasons to Quit Facebook (and one reason to stay on). Fake Zynga Toolbars Will Steal Your Facebook Password.  Watch out for those “autoplayer” scripts as well, some could be laced with evil code… The Majority of US, European users (still) click on Spam. Scott’s blog post: Security pros use layered techniques, but so do attackers.  How do you address employees using social media sites at work? Blocking access isn’t always the best solution. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 12 – New Facebook Privacy Changes, Social Gaming Threats, Social Media in the Workplace appeared first on Shared Security Podcast.

This is the 11th episode of the Social Media Security Podcast recorded March 15, 2010.  Sorry for the delay on releasing this!  We should be back on our biweekly schedule soon.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Buzz Opens Privacy Pandora’s Box for Google How to turn off Google Buzz, or just close some of its privacy loopholes Twitter to block malicious links.  We think this is a good thing!  Hoping Twitter rolls this out to the entire service soon. The dark side of geo: PleaseRobMe.com. Gowalla adds a new twist to location based social networking. Tom and Scott discuss some of the privacy and security issues with Geolocation services. Geostalking shows the privacy issues with location based social networks.  You might be setting yourself up for a prank call. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 11 – Google Buzz, Geostalking, Twitter’s Phishing Filter appeared first on Shared Security Podcast.

This is the 10th episode of the Social Media Security Podcast recorded February 8, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Shmoocon was great!  Be sure to check out the two talks about social media: Social Zombies II: Your Friends Need More Brains (video, slide deck, Facebook Application Autopwn Demo, Robin’s KreiosCS w/LinkedIn demo) and Nathan Hamiel’s talk Exposed | More: Attacking the Extended Web. Download the slide deck here. CDC Social Media Policies Facebook celebrates 400 million users by rolling out new redesign. Any new security issues? Hackers use Geolocation, Automation to target social networking sites Tom talks about some of the security and privacy issues regarding sites like Blippy and FourSquare.  CyberStalking anyone? Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 10 – Shmoocon, Geo-Location, Social Media Policies, CyberStalking appeared first on Shared Security Podcast.

This is the 9th episode of the Social Media Security Podcast recorded January 26, 2010.  This episode was hosted by Tom Eston and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Tom and Kevin will be speaking with Robin Wood at Shmoocon Saturday, February 6th at 11am.  “Social Zombies II: Your Friends Need More Brains”. Facebook Partners With McAfee for Anti-Virus.  Does this change anything? Websense Defensio 2.0. Websense offers a Facebook application to protect users from malicious content in their profiles. How does it work and does it help? Blippy.com – How far will information sharing sites go? Blippy allows you to automatically share your credit card transactions as you make them. This includes the place you made the purchase, the amount, and in some cases, the item. No really, it’s true. Breaking up and Social Media – What happens when a relationship ends and you share a multitude of social media sites with your ex? Can you “de-friend” your ex’s whole network? What about custody of photo archives? Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 9 – Defensio, Blippy.com, Relationships and Social Media appeared first on Shared Security Podcast.

This is the 8th episode of the Social Media Security Podcast recorded January 8, 2010.  This episode was hosted by Tom Eston, Kevin Johnson and Scott Wright.  Below are the show notes, links to articles and news mentioned in the podcast: Backupify.com – A solution for backing up all your social media site content.  Check out theharmonyguy’s manual method for Facebook. Commit virtual social media suicide!  This service will remove your social network profiles, change your profile picture and password so you can never use the account again.  Facebook is currently blocking the service as they say it’s a violation of their ToS. Clearing up questions about what Facebook Applications can access in your profile ** An application has access to your PAI and anything visible to “Everyone” as soon as you stop by – no authorization necessary. “When you visit a Facebook-enhanced application or website, it may access any information you have made visible to Everyone (Edit Profile Privacy) as well as your publicly available information. This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages. The application will request your permission to access any additional information it needs” 10 Basic Concepts of Facebook Privacy Facebook Groups that add non-existent “features”. You may want to check out our group! Send it to your friends! Who is @robinsage on Twitter?  Drawing the line with fake accounts, how far is too far? Import Facebook emails to find out real pictures and profile information, new spamming technique. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 8 – Would You Commit Social Media Suicide? appeared first on Shared Security Podcast.

This is the 7th episode of the Social Media Security Podcast recorded December 21, 2009.  This episode was hosted by Scott Wright and Tom Eston.  Below are the show notes, links to articles and news mentioned in the podcast: Tom and Scott talk about the new Facebook privacy settings.  Tom released an updated Facebook Privacy & Security Guide as well as a video walkthrough. Tom talks about a work around by theharmonyguy to easily view hidden Facebook photo albums.  This does not circumvent Facebook privacy settings, it just “unhides” photo albums set to “Everyone”. Mark Zuckerberg’s pictures exposed by Facebook privacy roll-back Did you know that your Facebook events can be viewed via the API as well? Scott’s Security Views Post on theharmonyguy’s battle with Facebook around security assurance for the Facebook platform. What are Twitter lists and are there any security concerns with them? Scott talks about the recent FTC Endorsement and Testimonial Guidelines for Bloggers, Podcasters and Other Social Media Publishers. Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below.  You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode.  You can also subscribe to the podcast in iTunes. Thanks for listening! The post Social Media Security Podcast 7 – New Facebook Privacy Settings, Twitter Lists, FTC and Bloggers appeared first on Shared Security Podcast.