Social Yet Secure?
Social Media, in my opinion, is not just a passing fad any more. Facebook, Twitter, Foursquare, Tumblr, Instagram and many more such socially interactive services are now being used by millions of people. And it has gone well beyond being just about people and big brands. Increasingly there is a whole cottage industry of home-based businesses which uses Social Media as primary means of interacting with, and securing, more customers.
This increased use of social media has also increased the chances of hackers (with malicious intent, or not) and scammers finding ways to exploit unaware users. Adding to that, lack of physical interaction on social media websites tends to lower users' natural defences, leading them to harbor a false sense of online security.
It is, therefore, the utmost need of the hour, that we bring more security-related awareness to common users – so as to make their social media experience relatively more secure.
It was during the Karachi Social Media Summit back in June, 2011, where during a lecture on well; social media security, I had successfully mounted a MITM (man-in-the-middle) attack against the summit participants, compromising the security of their Twitter and Facebook accounts. The intent behind this was not malicious, but to drive the point home on Social Media security. This enabled me to directly influence the opinion makers of the Pakistani blogosphere to adapt more secure means of sharing information online. And I am very glad to see that ever since that summit, more and more people have adapted safer means of accessing social media services.
Following are some of the points that I made to them, which I believe are very useful for any netizen.
While using a social media website, be very careful about what links you click on. It will take you only an extra second to hover your mouse over a link and ensure via status bar of your browser that they are in fact pointing to the correct website. This includes pictures and videos, supposedly being made viral via grey hat methods. I am sure many of you have suffered these malware infections on Facebook. You have no one but yourself to blame if you fall for it, hence avoid falling for temptation the next time you see a suspicious picture or video on Facebook.
The importance of a strong password can never be highlighted enough. One must always use a strong and hard to guess password, like one with a mix of upper and lower case letters, alongside a special character (e.g. !@*&$() and digits. Now I understand how cumbersome this may seem, but it will save you from a lot of headache which follows when your account gets hacked because you had kept your date of birth as the password.
Sharing information online
Do you know that the majority of e-mail and social media accounts are not hacked by someone who is a computer genius, or even a coder. It’s people who are good ‘Social Engineers’ that turn out of the smartest 'hackers'. Almost all social media services require you to enter a ‘Secret Question’ alongside a ‘Secret Answer’ as a method to enable you to retrieve the password in case you forget it. For that, many people usually enter information like 'the first school they went to', or 'the city that they were born in'. Then go ahead and publish that information openly on Facebook as well. To put it mildly, you might as well go on Facebook and publish your password on your timeline. For someone with relatively good social media skills, it will not take a lot to mine such information.
Maintain a virus-free computing environment. Use anti-malware and anti-virus softwares on your system on a regular basis.
Be careful about who you add on your Facebook account and the extent of access to your information that you give them. Scammers can use photographs and personal information of your friends to make you believe that you are adding them. Thus rendering useless all of your efforts at maintaining privacy and keeping your personal information secure. Once again, a few extra seconds of scrutiny while adding a new friend, can prevent you from a lot of trouble.
Open wireless connections
Try being wary of using open (i.e. un-secure) Wi-Fi networks. While yes, the temptation can usually get the better of most of us, please know that such open networks may be used as honeypots to intercept, store and decode your information and launch MITM attacks.
Secure Sockets Layer (SSL)
Always use Facebook, Twitter and other social media services using Secure Sockets Layer. In order to implement SSL, do the following:
i) Secure Facebook
Open Facebook settings, click on the security tab to the left, open the option for enabling secure browsing, click enable.
ii) Secure Twitter
Open Twitter settings, scroll all the way down and enable ‘Always Use HTTPS’ setting.
Head over to https://www.eff.org/https-everywhere and download the HTTPS everywhere utility for your Chrome or Firefox browser. It will enable you to communicate in a relatively secure way with almost all major websites.
All major social network services have specific privacy guidelines that are published on their Web sites. Take the time to read and understand these documents, since they include the types of information that they will reveal - or sell - to third-parties.
What to do, if compromised?
If you believe that your account has been compromised, immediately change your password, delete the spam posts or uninstall the malicious Facebook app spamming your account, clean your cache, and preferably run an anti-virus / malware scan on your system to be on the safe side.
Social networking websites are excellent tools for sharing information, but like all other spheres of life, adapting a more responsible behavior towards their usage can go a long way in ensuring that your social media experience remains hassle free.
This article originally appeared in April 2012 edition of Spider Magazine.