If you're a Facebook [2] addict - and chances that if you have a parietal lobe and a mouse, you are - then you'll be interested to see this eye-opening article about how easy it is to hack through the privacy settings in your profile.
According to ZDNet.com [3], an Israeli security research firm recently demonstrated just how easy it is to hack Facebook and bypass the privacy settings that so many of us hold dear.
Claims the man [4]:
I could write malicious application that steals users personal info or even simple application that build for me a bot net users for malicious purposes like hacking systems for SQL Injections and DDOS attacks. Using ClickJacking i also could fool users to click whatever I want: adding me as their friend, delete their account, and even open their camera and microphone using flash (Older versions then 10.x), or install Facebook applications that posting their web camera and microphone every time they connected to Facebook - Just use your imagination on what you want others to click on...Transfer to you poker chips???
In other words, be afraid. Be very afraid.
In all seriousness, this does give cause for concern. Many users simply believe that using the proper security settings on their Facebook profile is enough to keep unwanted users out, but a skilled hacker should have no trouble doing damage.
It's important to note that if you want to protect your privacy, it's still a good idea to keep your privacy settings strict so that unwanted users can't view your information or photographs. But the ease with which Facebook can be hacked, at least in the example above, does give rise to this question: is this proof that the most secure Facebook profile is no Facebook profile at all?
The researcher has released a video showing the clickjacking hack, though it doesn't have any audio - bummer.
There's no reason to cut and run simply because you're afraid of hackers. But if you closely guard your security online and keep a Facebook profile active, then this question is one you'll really want to ponder.
Remember also that just because a hacker could get to your profile doesn't mean that any necessarily will or would want to. Just be sure that you respect your own privacy and respect the power of hackers to go after your identity through something as simple as social media.
In a few days, it will be a month since Christmas has come and past, and that usually means a month since you've opened up those new computers and laptops. While you're enjoying the free trial offers of expensive anti-spyware and virus protection programs, you're probably also aware (or even repeatedly reminded) that they're about to expire. If you don't want to pull out the credit card but don't want to lose the spam and virus protection, it's time to look at a third alternative - free programs.
Yeah, yeah, I know. You get what you pay for, right? Some people may even be so dead-set against free anti-spyware that they simply pay for the more expensive suites just to feel comfortable. Don't be that person. Let's check out a few free programs that actually deliver the goods:
Microsoft often gets a bad rap these days, especially when it comes to software bugs. But what people don't take into account is that most viruses are written for Microsoft or Windows software; of course they're going to get slammed. MS isn't oblivious to this, hence the free Security Essentials [7] program that you can download right now. We love this as a security program because it's simple, gets the job done, and won't expire on you because it's absolutely free. Just one quick tip: make sure that you uninstall the previous spyware program you've been running if you decide to stick with Security Essentials. Keeping your computer free and clear of unwanted programs will help it run smoothly.
avast! [8] is another great alternative - they provide both hardcore, more costly Internet security systems but also offer Antivirus 5.0, a free program. You'll get the usual suspects - anti-spam firewalls, message scanning, and compatibility with your latest Windows system - as well as a few avast!-unique frills like avast! Community IQ. Which is the better choice? It depends on your needs. Give one of them a try or, if you're feeling ambitious, give them both a try and look for the best results. Ideally, a solid security program will run in the background, talk to you as little as possible, and keep your computer clean and fresh. If that's what one of these programs does for you, then it's doing its job. Leave it alone! You don't necessarily need the more expensive security programs unless you're really looking for some serious protection.
Still not sure which program to use? Lifehacker.com has a review and additional resources for both programs:
Let us know in the comments if you have a favorite free option. There are some good ones available and these aren't the only two out there.
Operating System: Windows XP (Service Pack 2 or Service Pack 3); Windows Vista (Gold, Service Pack 1, or Service Pack 2); Windows 7
As if there weren't enough worries about identity theft in this era high-tech, password/encrypted technology, we have to remind ourselves that identity theft still happens because of the hard technology and documents you expose to the world.
Consider the case of William Pollock [14], a young man from Texas who was looking to find a solid moving company to help move his family to Pennsylvania.
Pollock shopped around for a few different movers, as most of us would do, and when he wasn't happy with their price quotes, he turned to Craigslist. There he found Moo-Ving.com, a company with a professional enough web site and, what's more attractive, a far lower price quote.
Caveat emptor. As it turned out, the company took Pollock's $5,000 in upfront cash and started making demands, telling him that they wouldn't move his belongings unless he paid their fees. Eventually the company stored his belongings in a secret location, essentially holding his private property hostage.
This kind of theft isn't as cut and dry as "routine" identity theft. You know not to give out your credit card number unless the person taking it has a good reputation and the interaction is secure. But what about private dealings with companies that appear to have good web sites?
Let's consider some of the red flags Pollock could have considered:
All of these elements, put together with a company like Moo-Ving.com, spelled disaster.
How can you avoid this type of mistake? Simple: work with reputatable businesses when you entrust your belongings to someone else, and make sure that you pay after a job is well done, not before.
If you've become a victim of a company like this, you can turn to MoveRescue [15] - an organization funded by some of the larger moving companies that provides legal help and assistance to consumers stuck in this situation.
Links:
[1] http://fightidentitytheft.com/blog/proof-most-secure-facebook-profile-no-facebook-profile-all
[2] http://www.facebook.com/
[3] http://blogs.zdnet.com/security/?p=5293&tag=col1;post-5293#more-5293
[4] http://narkolayev-shlomi.blogspot.com/2010/01/clickjacking-facebook.html
[5] http://fightidentitytheft.com/blog/proof-most-secure-facebook-profile-no-facebook-profile-all#comments
[6] http://fightidentitytheft.com/blog/your-new-computer-complaining-about-expired-virus-protection-replace-it-free
[7] http://www.microsoft.com/Security_Essentials/
[8] http://www.avast.com/index
[9] http://www.avast.com/free-antivirus-download
[10] http://lifehacker.com/5452079/avast-free-antivirus-50-adds-behavior-monitor-heuristics-engine-and-improved-performance
[11] http://lifehacker.com/5433229/microsoft-security-essentials-ranks-as-best performing-free-antivirus
[12] http://fightidentitytheft.com/blog/your-new-computer-complaining-about-expired-virus-protection-replace-it-free#comments
[13] http://fightidentitytheft.com/blog/why-moving-companies-may-be-threat-your-privacy
[14] http://www.walletpop.com/blog/2010/01/16/desperate-moves-consumers-belongings-held-hostage-by-rogue-mov/?icid=main|htmlws-main-w|dl3|link3|http://www.walletpop.com/blog/2010/01/16%
[15] http://www.moverescue.com/
[16] http://fightidentitytheft.com/blog/why-moving-companies-may-be-threat-your-privacy#comments