Tag Archive for LinkedIn

Social Media Biggest Risk in 2012

The Security Labs over at Websense (WBSN), a provider of Web, data, and email content security, have used the Websense ThreatSeeker Network (PDF), which provides real-time reputation analysis, behavioral analysis, and real data identification, to announce (PDF) their picks for the top IT security threats for 2012. Social media is the #1 risk in 2012.

1. Websense says that stealing, buying, and trading credit card and social security numbers is old news. They say that your social media identity may prove more valuable to cybercriminals than your credit cards.

Today, your social identity may have greater value to the bad guys because Facebook (FB) has more than 800 million active users. More than half of FB users log on daily, and they have an average of 130 friends. Trust is the basis of social networking, so if a bad guy compromises social media logins, the security firm says there is a good chance they can manipulate your friends. (Stacy Cowley at CNN Money has an excellent article on how this can work with LinkedIn (LNKD).) Which leads to their second prediction.

2. According to Websense, the primary attack vector of most advanced attacks in 2012 will blend social media “friends,” mobile devices, and the cloud. In the past, advanced persistent threats (APTs) blended email and web attacks together. In 2012, the researchers believe advanced attacks could use emerging technologies like social media, cloud platforms, and mobile. They warn that blended attacks will be the primary vector in most persistent and advanced attacks of 2012.

3. The San Diego, CA-based firm says to expect increases in exposed vulnerabilities for mobile devices in 2012. They predict more than 1,000 different variants of exploits, malicious applications, and botnets will attack smartphones or tablets. Websense security investigators predict that a new variant of malware for mobile devices will appear every day.

The Internet security firm stresses that application creators need to protectively sandbox their apps. Without sandbox technology, malware will be able to get access to banking and social credentials as well as other data on the mobile device. This includes work documents and any cloud applications on that handy device. The firm believes that social engineering designed specifically to lure mobile users to infected apps and websites will increase. Websense predicts the number of mobile device users who fall victim to social engineering scams will explode when attackers start to use mobile location-based services to design hyper-specific geolocation social engineering attempts.

4. SSL/TLS will put net traffic into a corporate IT blind spot. Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First, the disruptive growth of mobile and tablet devices is moving packaged software to the cloud and distributing data to new locations.

Second, many of the largest, most commonly used websites, like Google (GOOG) Search, Facebook, and Twitter, have switched their sites to default to HTTPS sessions. This may seem like a positive, since it encrypts the communications between the computer and the destination. But as more traffic moves through encrypted tunnels, Websense correctly says that many traditional enterprise security defenses (like firewalls, IDS/IDP, network AV, and passive monitoring) will be left looking for a threat needle in a haystack, since they cannot inspect the encrypted traffic. These blind spots offer a big doorway for cybercriminals to walk through. (We have started to battle this as we move from a POC system from McAfee, another vendor, to a modern content filter that shall be nameless but was just bought, and we haven’t solved it yet; the NoSSLSearch for GOOG still needs some work.)

5. For years, security defenses have focused on keeping cybercrime and malware out (also called M&M security: hard on the outside, soft and chewy on the inside). The Websense Security Lab team says that there’s been much less attention on watching outbound traffic for data theft and evasive command and control communications. The researchers say hacking and malware are related to most data theft; they estimate that more than 50 percent of data loss incidents happen over the web. This is aggravated by delayed DLP deployments as vendors use traditional, excessive processes like data discovery (designed to over-sell professional services?).

In 2012, organizations will have to stop data theft at corporate gateways that detect custom encryption, geolocations for web destinations, and command and control communications. The security firm predicts organizations on the leading edge will add outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.

6. The London Olympics, U.S. presidential elections, and Mayan calendar apocalyptic predictions will lead to broad attacks by criminals. SEO poisoning has become an everyday occurrence. The Websense Security Labs still sees highly popular search terms deliver a quarter of the first page of results as poisoned.

The researchers expect that as the search engines have become savvier on removing poisoned results, criminals will port the same techniques to new platforms in 2012. They will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations. Websense recommends extreme caution with searches, wall posts, forum discussions, and tweets dealing with the topics listed above, as well as any celebrity death or other surprising news from the U.S. presidential campaign.

7. Scareware tactics and the use of rogue anti-virus will stage a comeback. With easy-to-acquire malicious tool kits designed to cause massive exploitation and compromise of websites, rogue application crimeware will reemerge, Websense says. Except, instead of seeing “You have been infected” pages, they expect three areas will emerge as growing scareware subcategories in 2012: a growth in fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems. Also, expect that the use of polymorphic code and IP lookup will continue to be built into each of these tactics to bypass blacklisting and hash-based detection by security vendors. (Rival IT security firm GFI Software proves Websense’s point by reporting a “new wave of fake antivirus applications (or rogue AV)” since the start of the year that are “a popular tactic among cybercriminals.”)


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Social Network Safety Tips

In case you have lived under a rock, social networking sites are very popular. LinkedIn (LNKD) has over 100 million users; 1 billion tweets are posted on Twitter each week, and Facebook is approaching 1 billion users. Despite these numbers, these sites also open users up to more computer viruses and online threats, according to a report from Webroot. A Help Net Security article details a few of the threats social network users face. They include:

Bogus e-mails from “friends”: The blog warns that hackers lure users into taking actions they shouldn’t. They do this by making it seem as if a friend within their social network has sent them an in-network e-mail. Only the e-mail is from a hacker who’s hijacked the friend’s account.

Malicious links or bait: This type of scam involves personal messages to users. The messages encourage victims to click on a link. Doing so can do a number of things, including sending users to a fake website. There they are prompted to download and install an executable file that turns out to be a virus that infects the user’s PC, explains the author.

Identity theft: Social network users who share personal information with their entire network of friends leave themselves vulnerable to hackers. Oversharing details like birth dates, addresses, pets’ names, and other details makes it easier for attackers to guess your password and access your profile based on the personal information shared, reports Help Net Security.

To help increase your PC protection, Webroot advises users to install updatable Internet security software and keep a few simple rules in mind, such as:

Be skeptical – E-mails, friend requests, Web site links, and other items from sources you do not know could be malware.

Use privacy settings – Social networking sites, such as Facebook and Twitter, offer privacy settings that let you control who sees your posts and personal information. Use them to control who has access to your page, contact information, etc.

Protect your password – Choose your passwords wisely, incorporate numbers, letters, and special characters, and never use the same password at more than one site.

For those who may need new Internet security software, you should select a program that offers multi-level security to:

  • Block viruses, spyware, spam, Trojans, worms, rootkits, and keyloggers;
  • Make your PC invisible to hackers;
  • Encrypt passwords and remember them for you;
  • Offer multi-layer identity protection;
  • Provide firewall security.


LinkedIn Pulls A Facebook

Business social networking firm LinkedIn made me get out of my Bach Seat and jump up and down this morning. LinkedIn (LNKD) pulled a Facebook and made a sneaky change to the terms of service that made users’ names and photographs available to advertisers if they want to use them.

Thankfully BrandImpact tells how to keep up your privacy.

  1. Click on your name on your LinkedIn homepage in the upper right corner. From the drop-down menu, select “Settings.”
  2. In the “Settings” page, select “Account.”
  3. In the column next to “Account,” click “Manage Social Advertising.”
  4. Uncheck the box next to “LinkedIn may use my name, photo in social advertising.”
  5. Now check the new default settings under “E-mail Preferences” and “Groups, Companies & Applications.” Make sure to opt-out of “Data Sharing with 3rd-party applications” as well.

In the face of negative user reactions and a growing media firestorm, LinkedIn has decided to make a change in the policy. That’s a step in the right direction. I have written about social networking’s assault on privacy here, here, and here.

rb-

Even though LinkedIn has backtracked on this, it still irks me. I believe that most people on LinkedIn are working on their professional brand and do not want to be associated with ads. Facebook is for kids who don’t care; LinkedIn was for professionals. This seems like LinkedIn is wasting the goodwill it has built up over the years as it tries to justify its $9 billion IPO valuation. This is not a good sign for LinkedIn; I doubt they can beat Facebook in the teenie-bopper social network segment.

What do you think?

Are you concerned about your privacy on Facebook?



LinkedIn Accounts can be Hijacked

Help Net Security has a report that users of the newly minted public LinkedIn (LNKD) are in danger of having their accounts hijacked. LinkedIn accounts can be hacked when accessed over insecure Wi-Fi networks or public computers. Independent security researcher Rishi Narang told Help Net Security that the risk is due to two reasons. First, the LinkedIn session and authentication cookies have an unnaturally long lifespan. Second, LinkedIn does not remove the cookies once the user logs out.

The article says the cookies in question are JSESSIONID and LEO_AUTH_TOKEN, and they are available even after the session initiated by the user has been terminated. The cookies are also set to expire only after one solid year, and this fact allowed the researcher to get access to a number of active accounts of various people from all over the world during a period of many months. “They would have login/logged out many times in these months but their cookie was still valid,” Mr. Narang writes on his blog.

In addition to all of that, those two cookies and the others that the welcome page stores are transmitted in clear text over HTTP, because they don’t have a secure flag set. “If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic,” explains Mr. Narang.

According to the researcher, until LinkedIn makes some changes, the only way to “expire” the cookies is for the users to change their password and then authenticate themselves with the new credentials. This could be a stopgap measure if you know that someone has stolen those cookies and is accessing your account, but won’t new cookies be created after the password change and authentication?

Help Net Security says that the only solution to this problem is for LinkedIn to effect some changes, and according to Reuters, they are planning to offer “opt-in” SSL support for the entire site in the coming months (which would encrypt the cookies in question), but have not commented on why the cookies have such a long lifespan.
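As an added example (not the article’s or LinkedIn’s code), the following Python audits Set-Cookie headers for the weaknesses Mr. Narang describes (no Secure flag, a one-year lifetime) and shows the server-side session table that makes logout actually invalidate a cookie instead of leaving it valid. The cookie values, the reference date, and the 12-hour lifetime policy are constructed assumptions.

```python
"""Added example (not the article's or LinkedIn's code): audit Set-Cookie headers
for the weaknesses described above, and show that logout must also drop the
session server-side. All cookie values are constructed."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
import secrets
MAX_SESSION_LIFETIME = timedelta(hours=12)  # policy threshold (an assumption)
NOW = datetime(2011, 5, 25, tzinfo=timezone.utc)  # constructed reference time
SAMPLE_HEADERS = [  # constructed; modelled on the cookies named in the article
    "JSESSIONID=constructed-1; Path=/; Expires=Thu, 24 May 2012 00:00:00 GMT",
    "LEO_AUTH_TOKEN=constructed-2; Path=/; Max-Age=31536000",
    "sid=constructed-3; Path=/; Secure; HttpOnly; Max-Age=1800",  # hardened
]

def parse_set_cookie(header, now):
    """Return (name, flags, lifetime-or-None) for one Set-Cookie header."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    flags, lifetime = set(), None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.lower()
        if key in ("secure", "httponly"):
            flags.add(key)
        elif key == "max-age":  # Max-Age takes precedence over Expires (RFC 6265)
            lifetime = timedelta(seconds=int(value))
        elif key == "expires" and lifetime is None:
            lifetime = parsedate_to_datetime(value) - now
    return name, flags, lifetime

def audit_set_cookie(header, now=NOW):
    """List the weaknesses of one session cookie header."""
    name, flags, lifetime = parse_set_cookie(header, now)
    findings = []
    if "secure" not in flags:
        findings.append("missing Secure: sent in clear over HTTP")
    if "httponly" not in flags:
        findings.append("missing HttpOnly: readable by page scripts")
    if lifetime is not None and lifetime > MAX_SESSION_LIFETIME:
        findings.append(f"lifetime of {lifetime.days} days exceeds policy")
    return name, findings

class SessionStore:
    """Server-side table keyed by the cookie: logout deletes the row, so a copied
    cookie stops working even if the browser never discarded it."""
    def __init__(self):
        self._sessions = {}
    def login(self, user):
        token = secrets.token_urlsafe(32)  # random, unguessable session key
        self._sessions[token] = user
        return token
    def logout(self, token):
        self._sessions.pop(token, None)  # the cookie value is now worthless
    def user_for(self, token):
        return self._sessions.get(token)
```

Running `audit_set_cookie` over the first two sample headers reports all three findings, while the hardened `sid` cookie reports none.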



Wall Street Investing Like It’s 1999

The New York Times reports that banks are pouring money into technology funds, wealthy clients and institutions are clamoring to get pieces of start-ups, and expectations of stock market debuts are building. As the Wall Street machinery kicks into second gear, some investors with memories of the Internet bust a decade earlier are wondering whether this sudden burst of activity spells danger for the industry once again.

With all this exuberance, valuations are soaring. Investments in Facebook and Zynga have more than quintupled the implied worth of each company in the last two years. The social shopping site Groupon is considering an initial public offering that would value the company at $25 billion. Less than a year ago, the company was valued at $1.4 billion.

“I worry that investors think every social company will be as good as Facebook,” said Roger McNamee, a managing director of Elevation Partners and an investor in Facebook, who co-founded the private equity fund Silver Lake Partners in 1999 at the height of the boom. “You have an attractive set of companies right now, but it would be surprising if the next wave of social companies had as much impact as the first.”

The NYT points out the example of the online grocer Webvan. Webvan was one of the most highly anticipated I.P.O.s of the dot-com era. The business had raised nearly $1 billion in start-up capital from institutions like Softbank of Japan, Sequoia Capital, and Goldman Sachs. Goldman, its lead underwriter, invested about $100 million. On its first day, investors cheered as Webvan’s market value soared, rising 65 percent to about $8 billion at the close. Less than two years later, Webvan was bankrupt.

Thomas Weisel, the founder of an investment bank called the Thomas Weisel Partners Group that prospered in the first Internet boom, says he is “astounded” by the amount of money now flooding the markets. “I think it’s much greater today,” he told the NYT. “The pools of capital that are looking at these Internet companies are far greater today than what you had in 2000.”

Yet there are notable differences between the turn-of-the-century dot-com boom and now. For one, the tech start-ups that have attracted so much interest from investors have real businesses — not just eyeballs and clicks. Companies like Facebook have fast-growing revenue. Groupon, which has been profitable since June 2009, is on track to take in billions in revenue this year, reports the paper. And since 1999, when 248 million people were online (less than 5 percent of the world’s population), broadband Internet and personal computing have become mainstream. About one in three people are online, or roughly two billion users, according to data from Internet World Stats, a Web site that compiles such numbers.

Today, the collective amount of money that Wall Street banks are pumping into Internet start-ups, on top of the surging cash piles from venture capital groups, hedge funds, and private equity, is a major concern for some investors.

Over the last five months, the NYT says many venture capital players have raised giant amounts of capital. One Facebook investor, Accel Partners, is about to raise $2 billion for investments in China and the United States, while Bessemer Venture Partners will be closing in on $1.5 billion for a new fund. Greylock Partners, Sequoia Capital, Andreessen Horowitz, and Kleiner Perkins Caufield & Byers have collectively raised more than $3 billion in the last six months.

rb-

I can do my job without the social networker. I think the infographic above shows that the VCs are no better than Wall Street, moving in a herd to Facebook. At least in 1999, the VCs were all over the place; now they have settled on 5 firms.

They certainly have not made it easy for any other new ideas to get funded. The VC community has also concentrated its risk on these firms. All of these firms may be sexy on the coasts, but the only one that is relevant to me in Detroit is LinkedIn.

What do you think?

Is it 1999 again?
