Networking

Unix and Linux network configuration. Multiple network interfaces. Bridged NICs. High-availability network configurations.

Applications

Reviews of latest Unix and Linux software. Helpful tips for application support admins. Automating application support.

Data

Disk partitioning, filesystems, directories, and files. Volume management, logical volumes, HA filesystems. Backups and disaster recovery.

Monitoring

Distributed server monitoring. Server performance and capacity planning. Monitoring applications, network status and user activity.

Commands & Shells

Cool Unix shell commands and options. Command-line tools and application. Things every Unix sysadmin needs to know.

Home » Featured, Security

Facebook Security for the Lazy

Submitted by on April 28, 2011 – 2:36 am7 Comments

Every time you use Facebook, you probably have a nagging feeling in the back of your head that someone other than your friends is reading your posts. You should trust that feeling. At the same time, keep in mind that Facebook is a tool designed primarily for sharing personal information with large groups of people you barely know. Facebook is not your personal diary or a substitute for SMS.  You just need to assume that everything you post on Facebook inevitably will end up in the hands of someone you don’t like very much. And then you proceed based on that assumption.

Enable HTTPS

When I say “inevitably”, I mean there is nothing you can do to prevent your personal information from escaping. However, there are a few things you can do to delay and limit the damage. In January of 2011 Facebook has finally caught up with the rest of the twenty-first century and introduced HTTPS support. When you use HTTPS, everything you read or write on Facebook is encrypted before being sent over the network. This is a valuable feature to have if you are accessing Facebook from your employer’s network, as it makes it a lot harder for your boss to read your correspondence.

Enabling HTTPS for Facebook is easy. But keep in mind that there are a few Facebook apps that don’t yet have HTTPS support. You don’t want to use them anyway. So go to your Facebook Account Settings -> Account Security and check “Browse Facebook on a secure connection”, as the screenshot below illustrates.

Friends of Friends are Your Enemies

This “Friends of Friends” thing is the cornerstone of Facebook’s business model. The model in question is based on continuous growth of membership and member activity. The “Friends of Friends” feature is the big-block V8 driving this growth. On the other hand, logic dictates that these friends of your friends are mostly people you don’t know. Many of them you don’t want to know. And some of them you may want to punch in the face. Be careful when you choose to share details of your personal life with these shady characters.

The screenshot below shows the recommended minimum security requirements for sharing personal information on Facebook. First things first, make sure that “Everyone” can see nothing. I would encourage you to consider changing accessibility to your biography and photos where you were tagged to “Friends Only”. To make the changes, go to your “Privacy Settings” -> Customize settings.

 

It is also a good idea to make sure that your phone number (if you are using Facebook Mobile) is only visible to you. Disable “Include me in “People Here Now” feature: you don’t want Facebook alerting the entire world that you are at a local strip bar. Also disable “Friends can check me in to Places”. Nobody has time to use this feature anyway and if they do, they are up to no good.

Whenever you allow “Friends of Friends” to view your stuff on Facebook, you essentially delegate the job of managing your privacy to your online buddies. Doing so rarely works out for the best. Let’s say you have a hundred friends on Facebook and each of them has a hundred friends. This comes out to hundreds, perhaps thousands of people many of whom are roughly your age, living in the same area, working in the same field. They are not your friends – they are your competition. The last thing you want to give them is access to any kind of dirt on you.

Apps, Games, and Websites

Perhaps the biggest security threat on Facebook comes from apps and Web sites that can access your information. There are thousands of crooks who build up massive databases of user data under the cover of some innocuous-looking app or a silly online game. And the worst part is that you allowed them access to your personal information when you started using their software. Technically, they are not breaking any laws, but this does not mean that they won’t in the future.

Go to your “Apps, Games, and Websites” settings in your Facebook profile (see the screenshot above) and remove all but the most beloved and indispensable apps from the list. To help you make up your mind, Facebook tells you how long ago apps accessed your data. Definitely remove everything you haven’t used in the past month or two. Should you suddenly develop a need for one of these apps in the future, it is a simple matter of adding it back to the list.

While you are in the “Apps, Games, and Websites”, take a look at the “Game and app activity” section. By default, your “Friends” can see your apps and games activity. You may want to change this so that only you can view this information. In the same section, make sure that “Public search” and “Instant Personalization” are disabled. Today Facebook’s social engineers are stumbling around in search of new ways of integrating your personal life into their business master plan. They like a good challenge, so don’t make their jobs easier.

Your Stupid Password

Most Facebook accounts are compromised not with advanced computer hacking techniques but by using statistical analysis of popular passwords. In other words, these “hackers” are very good at guessing your passwords. Some years ago I was doing password quality analysis for a large company. This involved using a supercomputer to crack thousands of encrypted passwords, which were then analyzed using various statistical models. “Apple1″ was the most common password. If password ageing was enabled and “apple1″ password expired, guess what computer users changed it to? That’s right, “apple2″. Once a requirement for an 8-character password was introduced, the fruit of choice changed to “apricot1″. People love fruits.

Try to show some originality when selecting a password. Without a question, your most important password is that to your email account. Never ever use that same password for any other purpose. The first thing a hacker would do after unlocking your Facebook profile is to try to get into your email account with the same password. And once that happens, you may soon find yourself living in a cardboard box under a bridge. Having the same password for Facebook and email is like making a key that unlocks both your house and the safe inside it.

Related posts:

  1. Data Security and Online Privacy

  • http://www.bigfatostrich.com mike

    I can’t believe that so many of willingly gave Facebook our real names. We never would have done that back in 1997, so why did so many people decide to “trust” Facebook?

    I’ve since changed my real name for an alias, but they probably know that, don’t they…

  • http://www.krazyworks.com admin

    Facebook keeps historical user data indefinitely. Whatever information you had in your profile in the past, is still backed up somewhere on their servers.

  • rndmaktn

    Well I will just start off by giving some information. Some of this may not help at all but I’ll still put it.

    I like sports, but don’t play any.
    I’m pretty lazy….
    I love video games and computers, but I’m really not too smart when it comes to working with/fixing computers.
    I like rain.
    Honestly I’m really not smart but I’m not close to dumb.
    i really don’t know what else to say. Sorry. But if you could give a few suggestions that would be great.
    I’m a junior in high school.

  • Nathan B

    I got enough swagbucks to order a $5 amazon gift card and then it asked me to verify it. It said veryify with email or with security question, and i was too lazy to verify with email so i did the security question. It said it had verified but nothing on the screen changed and there was no submit or anything and it took the swagbucks from my account and when i go to my gift cards it says nothing. I’m wondering if this is normal and there is nothing untill the 10 days or whatever or if i did something wrong. It just kinda feels like i messed something up but maybe i’m just being jumpy.

  • ConfusionnaJob

    I really like my job except for this one job site I go to. They set up new alarms throughout the entire place and I do security. I haven’t been there in 3 months and messed all the alarms up when I reported for work. I kindly asked him to please train me on the new system or I can’t work that site since the site manager wrote me up.

    He started screaming at me thru the phone “how much training do you need!!” so I said I am having problems with the alarm and told me to just write up a letter of resignation and bring in my uniform Monday. Hes just one step below the company boss and is about the same age as me (30) and really doesn’t have the authority to do this. He is just to lazy to train me. I don’t want to quit but he makes the job miserable and there really is nothing in this job area I can get, especially immediately. Plus I am a single mom.

    I guess he posted on his Facebook that he’s training new people at my site because he needs “more dependable employees” (mature of him). Should I just quit even though I really need income to get away from his immaturity?

  • superdork

    which are better?
    All my password are hard to guess and i am not a type of person who talks about their personal life.
    Tanner…why someone would do that to me? I do not store any “important file in my computer”.

  • Mr SoLo DoLo

    This will be a little long, and will be somewhat of a rant, but it is just to show why I feel like killing myself.

    I am a senior in high school, my grades are slipping (not failing, but slipping), I am about to graduate in less than a month. I turn 18 this Tuesday, and I don’t even have a job yet, my GPA is not even a 2.0, its like a 1.9 something. I didn’t take the SAT, out of my ****ing laziness. My hardest subject is algebra 2, and I don’t understand a thing, and if I don’t pass the test I have this Friday, I fail for the year. I have only 1 friend in school, and even he doesn’t like me much. My best friend moved to Texas a month ago, that was a big blow for me, now I didn’t have anyone to talk to, or hang out with on the weekends, nothing. I really miss my friend. Now I have spent every single day coming home form school just isolate din my room, on the computer, either on Facebook (which no one even talks to me on there) or looking at questionable websites and have recently (sorry to gross you out) become a chronic masturbator, I am always doing it, when I am bored, sad, etc. And the worst thing is, after I am done, I feel even worse. I have let myself go, I have gained a lot of weight, my room is a mess, my parents are always arguing with me, and my mom admitted to me today that she hates me. They look up to my older brother who enlisted into the Army and got a career, now he is living on his own and then they look at me and see what a loser I have become. And what has me really mad is that my uncle came to our house to supposedly “visit” but it just turns out he is just as lazy as me, or worse, and just came to mooch of my parents (like I am), so he could have a place to stay and not do anything. And I HATE that. I am becoming just like him too. Not to mention it is very uncomfortable living in a house when you can’t do the small things anymore such as walk around your house without a shirt on, or go to the bathroom whenever you want, just small things. I digress though, but today it just all came to me and I am feeling EXTREMELY overwhelmed with all of this, and am seriously contemplating suicide, as I don’t care anymore, I really don’t.