Have you played with Facebook’s Open Graph search yet?
Facebook’s new search tool is now available to all American users. The rest of the world still has to request its preview here.
Your search bar is now much more prominent in the interface and you should expect it to start playing a much bigger role in how people use the site. The tool mixes a little bit of fun with a little bit of creepiness. And while it’s definitely more useful that Facebook’s old search, it could get you in some trouble.
The good news is that the search respects your privacy settings. The bad news is a lot of people don’t seem to be that careful with their privacy settings.
We tested out these searches and were shocked by how many many profiles actually came up:
How do you know if you’re protected from embarrassing searches?
We’ve made it easy to check. You can use our Safe Profile Beta app and get your privacy score and recommendations now.
Or you can check manually by clicking on the lock on the upper right corner of any Facebook page for “Privacy shortcuts”.
Click on “Who can see my stuff?” then “What do other people see on my timeline?”
You’ll see what’s available to the “Public” your “Friends” or a specific person could find as they search for you.
If you’re not happy with anything that may come up, here’s an excellent guide for locking your profile down.
Open Graph search makes the information on your “About” page as well as the privacy settings of your “Friends”, “Photos” and “Likes” more important than ever. So be sure to check out the first four sections of this guide.
And — to be extra safe — I’m going to remind you to run Safe Profile beta, again. And if you do, let us know what score you got in the comments.
[Image by Eugene Zemlyanskiy via Flickr.com]
Collision is coming to a close today, and what a week it’s been. F-Secure’s Chief Research Officer Mikko Hyppönen was there earlier in the week, and gave a compelling talk on the evolution of cyber crime. He also gave a quick post-talk interview, so check out this Quickfire article to learn who Mikko thinks deserves a slap in the face. F-Secure also ran a basic Wi-Fi experiment at Collision*, similar to ones conducted in 2014 and 2015. While the experiment conducted at Collision had a smaller scope than our previous investigations, it does prove that people are still pretty promiscuous when it comes to connecting to public Wi-Fi hotspots without the proper protection, such as a VPN. In the first two days of Collision, we observed nearly one hundred people connecting to a phony Wi-Fi hotspot. And none of them were encrypting their traffic. Connecting to a phony Wi-Fi hotspot can open the door to all kinds of problems. Hackers have been known to use similar setups to help them “sniff” people’s Internet traffic, allowing them to do things like read personal messages, log the websites people visit, and even steal passwords and other sensitive information. So if you make a habit of using public Wi-Fi hotspots – whether you’re at a tech conference, an airport, a café, or a hotel – you should give Freedome a try to keep you and your private data safe and secure. [Image by Erin Pettigrew | Flickr]
Finland is home to the freest news media in the world, according to Reporters Without Borders. It's fitting, then, that the annual UNESCO World Press Freedom Day conference will be held in Helsinki this year, May 2-4. Freedom of information is a topic that's close to our heart. We were fighting for digital freedom before it was cool - yes, before Edward Snowden. A free press is foundational to a free and open society. A free press keeps leaders and authorities accountable, informs the citizenry about what's happening in their society, and gives a voice to those who wouldn't otherwise have one. Journalists shed light on issues the powers that be would much rather be left in the dark. They ask the tough questions. They tell stories that need to be told. In a nutshell, they provide all of us with the info we need to make the best decisions about our lives, our communities, our societies and our governments, as the American Press Institute puts it. That's a pretty important purpose. But it can also be a dangerous one. Journalists working on controversial stories are often subject to intimidation and harassment, and sometimes imprisonment. Sometimes doing their job means risking their lives. According to the Committee to Protect Journalists, 1189 journalists have been killed worldwide in work-related situations since 1992, when they began counting. 786 of those were murdered. Freedom of the press and digital technology are inextricably intertwined. Journalists' tools and means of communication are digital - so to protect themselves, their stories and their sources, they also need digital tools that enable them to work in privacy. Encrypted email and messaging apps. Secure, private file storage. A password manager to protect their accounts. A VPN to hide their Internet traffic and to access the content they need while they're on assignment abroad. F-Secure at World Press Freedom Day It's because press freedom and technology are so intertwined that it's our honor to participate in this year's World Press Freedom Day conference. Here's how we'll be participating in the program: Mikko Hypponen, Chief Research Officer at F-Secure, will keynote about protecting your rights. Tuesday May 3, 14:00 to 15:45 Erka Koivunen, our Cyber Security Advisor, will participate in a pop-up panel debate on digital security and freedom of speech in practice. Tuesday May 3, 15:45 – 16:15 Sean Sullivan, our Security Advisor, will be on hand to answer journalists' questions about opsec tools and tips. One of our lab researchers, Daavid, will be inspecting visitors' mobile devices for malware. We'll feature our VPN, Freedome. Check out our Twitter feed on May 3 for livestream of Mikko's and Erka's stage time. Banner photo: Getty Images
An employee opens an attachment from someone who claims to be a colleague in a different department. The attachment turns out to be malicious. The company network? Breached. If you follow the constant news about data breaches, you read this stuff all the time. But do you ever wonder how hackers get otherwise smart, professional people to fall for their tricks? How do they know who to email? What to say to get their victim to fall prey? Where do they get the information that gives them a foothold into an organization? The answer is so simple, and just makes too much sense: LinkedIn. Recon made easy The first phase of any targeted hacking scheme is the reconnaissance phase - where the hacker gathers information about the company, employees, their job titles, email addressses, etc. What better place to start than LinkedIn? "LinkedIn is a treasure trove of easily accessible personal information and company IT data," writes penetration tester Trevor Christiansen. "Unbeknownst to most of the employees who post their information on LinkedIn, any hacker looking to wreak havoc on a company’s highly sensitive, business-critical data could find his or her point of entry using this ubiquitous business networking forum." White hat hackers (the good guys) like Christiansen use LinkedIn to gather information too, albeit with a different end purpose in mind - to test and improve an organization's security. F-Secure CEO Christian Fredrikson described two such exercises performed by F-Secure's ethical hacking team in his recent keynote at CeBIT. In one exercise, the hackers targeted employees who mentioned mainframe-related info in their profiles. In the other, they targeted source code developers. So, exactly how do hackers, good and bad, use LinkedIn to gain a foothold into company they intend to hack? Our own white hat hacker, Knud in F-Secure's Cyber Security Services team, describes a common scenario. "You just search for employees working at a target company via the standard LinkedIn interface," he says. "Now, armed with a list of names, you can start Googling them until you find a company email address." Now, he says, you have the email format used in the company. For example, firstname.lastname@example.org. "Shoot off an email to a few random employees asking something stupid like 'Bob, is that you? Long time no see,'" he continues. "With a bit of luck, someone will reply and you'll have the corporate signature. With the corporate signature, plus names, positions and job descriptions people helpfully put on LinkedIn, you can start spoofing internal emails." Building rapport for social engineering Knud points out that the more information people share in their profiles, the easier it is to build rapport. "For example, someone lists their graphic design skills. So you send an email that reads, 'Due to your experience with icon design and great layout skills, I wonder if you have time to take a quick look at something we are working on in <other department>; see attached (malicious) document and get back to me." To gain even more information, a hacker can create a fake profile and then connect with the employee. This gives them greater access to contact details and the person's network. Combined with information gleaned from Facebook or other social networks, such as interests and hobbies, hackers can get a pretty full picture of the employee they intend to target, enabling them to sharpen their spear even more. The best defense So what's an employee to do, scrub your profile of all but the most basic info? Decline to list your employer? Such suggestions would seem to defeat the purpose of LinkedIn, where profile information can hopefully lead to networking opportunities. Companies in turn appreciate the promotion they get via their employees on LinkedIn. Luckily, F-Secure Security Advisor Sean Sullivan doesn't believe self-censorship the answer. "It's not really the problem of the employee to limit what they write on LinkedIn," he says. "A security-minded organization should have a policy that states that employees should be mindful." Indeed, the best weapon against these types of attacks is employee awareness. Your information may be available on LinkedIn, but if you're are aware of the ways hackers exploit that info, you'll be less likely to fall for tricks. Employer-sponsored education on social engineering tactics would help employees learn to be suspicious of any communication that seems even the slightest bit off. Hackers may love LinkedIn, but only as long as it gets them where they want to be. To head them off, awareness is key. Image courtesy of Mambembe Arts & Crafts, flickr.com