Here is a news story that Jim and I participated in on Facebook and securing your private information.
http://www.wowt.com/home/headlines/67332677.html
New Website
Another article came along regarding Facebook security and hijacked applications. What I found most interesting was this quote:
"On top of all these security issues, in August many Facebook users were surprised to discover the vast amounts of personal information they were revealing by their use of Facebook quizzes. Even if you limit access to your profile through privacy settings, Facebook quiz applications can see everything on your profile page when you take a quiz...or even when your friend takes one. To make matters worse, Facebook does not screen developers for trustworthiness nor do they require developers to comply with a privacy policy."
"...or even when your friend takes one." I've always thought that it's kind of shady that quizzes and applications can access my friends' personal data. I shy away from the apps and quizzes for this specific reason. But, are my friends providing me the same courtesy? By being on Facebook, am I putting my personal information security in my friends' hands? Facebook has done better with increased privacy settings, and hopefully users have changed those settings to be more restrictive.
If I was a malicious user, I would absolutely create as many quizzes as I could that would take advantage of the automatic data mining capabilities of Facebook.
It seems like a recurring theme on this blog lately, but be careful of what you post online.
Wow. We all know that social networking can be "bad". Here are a few recent articles.
- Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets
- How Social Networking Can Hurt You
- How Hackers Find Your Weak Spots
- Opinion: Twitter, Facebook Security Depends on Vigilant Developers, Sensible Users
- Researcher: Hackers Hijack Some Facebook Apps
- Facebook, Twitter users beware: Crooks are a mouse click away
- Does your social class determine your online social network?
Stan B. Walters is well known as "The Lie Guy". He gets a fair amount of press and I've attended his Kinesic Interview and Interrogation course. Stan often uses current events to illustrate his techniques and talking points. In his most recent blog post, he takes on the "Balloon Boy" family.
We now know that the balloon stunt was a hoax. Stan mentions that "it all came down to the verbal and nonverbal cues of deception generated by the Heenes." Unfortunately, he doesn't go into any detail on what he thinks those cues were. However, there are a few listed in the CNN article linked above.
Stan talks about narrative based interviews as a way of gathering information. You can learn a lot from just listening to someone talk and watching their body language. He also mentions that the interviewer needs to be aware of what signals they are giving back to the interviewee. These are a lot of the same points I tried to make in the Social Engineering Podcast and Stan's post is a good read.
I've been waiting for an Android phone to hit Verizon for a while, so I've been following some mobile phone blogs. This post from Boy Genius Report was interesting to me on the cell phone forensics front.
One of Cellebrite's selling points for forensic use is that they often get previews of new devices in order to get their units up to speed for use in the carrier's stores. The photos in the BGR post (if real) certainly give some credibility to that statement. I wonder if other cell forensic suites get similar updates.
I mentioned a few posts back that I've been helping contribute content over at Social-Engineer.org. Today they released their first podcast and I was lucky enough to be the interview guest. The podcast builds on this post I did a while back about interviewing techniques.
I think the podcast presents some useful information. Even though the topic is interrogation, pieces of the conversation should be useful in everyday interaction.
Give it a listen and let me know what you think. If you RSS and don't want to come back here to leave comments, hit me up on Twitter @_remnant_.
Thanks to everyone over at Social-Engineer.org for making a great site and some fun times.