Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Dec 9, 2009 • 37min

Social Media Security Podcast 6 – Privacy, Photo Tagging, Facebook Police, What is Clickjacking

This is the 6th episode of the Social Media Security Podcast, recorded December 3, 2009. This episode was hosted by Tom Eston and Kevin Johnson. Scott Wright joins in as “god” during post-edit. Below are the show notes, links to articles and news mentioned in the podcast:

- New privacy settings in Facebook are rolling out; regional networks are being removed. Be sure to check out the comments under Mark Zuckerberg’s blog post…all spam!
- Is Facebook photo tagging still a big fail? Scott clarifies this for us. The solution to this is to adjust your privacy settings to allow only you to see tagged photos of yourself and ensure email alerting is on so you are alerted when a new photo of you is tagged. That way you can easily remove any tagged photo of you. There is also no way to “prevent” a photo of you being tagged. However, to tag someone they need to be in your friends list. How about false tagging? Someone tagging you in a naughty picture…reputation issue? What if you don’t have a Facebook account and friends make comments regardless?
- Police create fake Facebook account to bust a college student for underage drinking. Did the police go too far, or is this acceptable practice in this day and age?
- Kevin talks about Clickjacking. What is it and what do users of social networks need to be aware of?

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes! Thanks for listening!

The post Social Media Security Podcast 6 – Privacy, Photo Tagging, Facebook Police, What is Clickjacking appeared first on Shared Security Podcast.
Nov 24, 2009 • 41min

Social Media Security Podcast 5 – Google Reader, Privacy, Wave, ChromeOS and Foursquare

This is the 5th episode of the Social Media Security Podcast, recorded November 20, 2009. This episode was hosted by Scott Wright and Tom Eston. Kevin Johnson will be joining us for the next podcast. Below are the show notes, links to articles and news mentioned in the podcast:

- Tom gives an overview of the OWASP AppSec DC conference.
- Koobface now using Google Reader for links. Very good paper on how Koobface works.
- Google Launches Privacy Dashboard.
- Google Wave Gadget to Make Your Friends Logout.
- Google’s ChromeOS. What is it and how does this relate to social media use?
- Foursquare. What is it and are there any security/privacy concerns? Search Twitter for others using Foursquare. Import your contacts, social network friends. The Google contact import method is not secure (screenshot).

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes! Thanks for listening!
Nov 7, 2009 • 54min

Social Media Security Podcast 4 – Death by Twitter, Open Source Intelligence, Policies, Google Wave

This is the 4th episode of the Social Media Security Podcast, recorded November 6, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:

- More scams on Twitter, including the recent IQ quiz attack. Disinformation on social networks…someone died example…are you sure they are really dead?
- Tom talks about his Open Source Intelligence Gathering talk that he recently gave. How do you find information posted about your company on social networks and why should you look? Now is probably a good time for your company to create a social media strategy and then develop an Internet postings policy around this strategy. Cisco has a great Internet posting policy to reference when creating one for your company.
- Scott talks about creating a postings policy for your company. Here is a link to the Forrester book titled “Groundswell” that talks about creating a social media strategy.
- Kevin talks about Google Wave. What is it and why would we want to use this? What are some of the security issues with Google Wave? Check out the great research that theharmonyguy has been doing on Google Wave. Developers! Please start coding securely from the beginning of the project! ktksbai.
- Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast now in iTunes! Thanks for listening!
Oct 25, 2009 • 55min

Social Media Security Podcast 3 – Phishing and Koobface, What is CSRF, Protected Tweets

This is the third episode of the Social Media Security Podcast, recorded October 23, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:

- Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screenshot of a fake friend request and a real friend request. Just by looking at the email…it’s really hard to tell the difference, isn’t it? The only way you can tell the difference is to look at the URL the link is going to by looking at the message source (code and/or mail header info). We advise you to check your Facebook Inbox for legitimate friend requests; don’t click on friend request links in email.
- Tom gives a primer on Koobface. What is the Koobface worm and how does it spread? If you want to learn more about Koobface, check out this very good paper created by TrendMicro on how Koobface works.
- Kevin gives a great non-technical overview of CSRF (Cross-site request forgery). Want to see a real CSRF attack demonstrating stealing private Facebook profile information? Check out this video and blog post. Here is the great talk by Jeremiah Grossman about exploiting business logic flaws that Tom mentioned. Interested to know more about CSRF? Check out Security Now! Episode 166.
- Are your protected tweets able to be searched by Google? Tom clarifies that this article was not true at all. However, there are some important things you need to know about protected tweets and why making your Twitter account private doesn’t buy you much.
- Due to popular demand we are going to try recording the podcast bi-weekly!
- Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast now in iTunes! Thanks for listening!
Sep 27, 2009 • 58min

Social Media Security Podcast 2 – Month of Facebook Bugs, What is XSS, Canadian Privacy Ruling

This is the second episode of the Social Media Security Podcast, recorded September 25, 2009. This episode was hosted by Scott Wright, Tom Eston and our new co-host Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:

- Introducing our new co-host, Kevin Johnson. Kevin is a Senior Security Analyst for InGuardians and is also an instructor for the SANS Institute, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking courses.
- Tom talks about the Month of Facebook Bugs (created by a security researcher called “theharmonyguy”), why this is important and how many vulnerable applications have been exploited and fixed so far. Here is the list of top Facebook applications that Tom mentioned in the podcast.
- Kevin gives a great non-technical overview of a web application vulnerability called Cross-site Scripting (XSS). Many of the Facebook applications we found in the “month of Facebook bugs” were vulnerable to XSS. Kevin describes what XSS is, how it works and how dangerous this vulnerability is to social networking applications like Facebook.
- Scott talks about the recent ruling regarding the Canadian Federal Privacy Commissioner vs. Facebook. This ruling in Canada has created wide-reaching changes to privacy and the way applications function within Facebook. Scott also included a brief interview with the Canadian Privacy Commissioner’s Office about this recent Facebook ruling.
- Tom has updated his Facebook Privacy & Security Guide. You can download the latest version here.

Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast now in iTunes! Thanks for listening!
Aug 25, 2009 • 35min

Social Media Security Podcast 1 – Zombies, Bad Facebook Apps, Twitter SPAM

This is the first episode of the Social Media Security Podcast. This episode was hosted by Scott Wright and Tom Eston. Below are the show notes, links to articles and news mentioned in the podcast:

- How did socialmediasecurity.com get started? Want to help out? Join our mailing list!
- Weaponizing the Web: More Attacks on User Generated Content (good article on Nathan and Shawn’s talk)
- Aviv Raff’s Month of Twitter bugs, research on Facebook applications by theharmonyguy
- What are the Black Hat and DEFCON conferences?
- History of DEFCON, Black Hat and the security underground (ThreatPost interview with founder Jeff Moss)
- Twitter Botnet Found
- Want to know more about SPAM bots? Tom’s presentation at Notacon 6: Rise of the Autobots: Into the Underground of Social Network Bots (slidedeck)
- Tom and Kevin’s presentation at DEFCON 17 “Social Zombies: Your Friends Want to Eat Your Brains”
- KreiosC2: Command & Control PoC for Twitter
- Two more rogue Facebook apps linked to Fucabook scam
- Twitter Profile Image SPAM
- Staying clear of Twitter SPAM
- Private profiles on Twitter. Worth the effort?

Please send any show feedback to feedback[aT]socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Thanks for listening! You can subscribe to the podcast now in iTunes!
