| Author | Message | ||
     Joan Supporter Username: Joancrystal Post Number: 8330 Registered: 5-2001 |
I recently got internet access at work and during my lunch hour, I occassionally sign on to MOL to see what is happening in our virtual community. Our MIS office has not forbidden me to visi the site but they did send the following e-mail which was directed to me personally and not to all users. Security Awareness NEWSLETTER SEPTEMBER 2006 Volume 1, Issue 4 Staying Safe on Social Networking Sites From the desk of Dan Srebnick and DoITT’s Information Technology Security Team The popularity of social networking sites continues to increase, especially among teenagers and young adults. The nature of these sites introduces security risks, so you should take certain precautions. What are social networking sites? Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections. Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest. What security implications do these sites present? Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because the Internet provides a sense of anonymity the lack of physical interaction provides a false sense of security they tailor the information for their friends to read, forgetting that others may see it they want to offer insights to impress potential friends or associates While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information available on them. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information). Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data. How can you protect yourself? Limit the amount of personal information you post - Do not post information that would make you vulnerable (e.g., your address, information about your schedule or routine). If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Remember that the Internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines (see Guidelines for Publishing Information Online for more information). Be wary of strangers - The Internet makes it easy for people to misrepresent their identities and motives (see Using Instant Messaging and Chat Rooms Safely for more information). Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person. Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, a product of exaggeration, or a joke. Take appropriate precautions, thought, and try to verify the authenticity of any information before taken any action. Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam (see Reducing Spam for more information). Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join. Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about Internet safety, being aware of their online habits, and guiding them to appropriate sites, parents can make sure that the children become safe and responsible users (see Keeping Children Safe Online for more information). Brought to you by: http://www.msisac.org Copyright Carnegie Mellon University Produced by US-CERT http://www.us-cert.gov/ To what extent do you think the above applies to MOL? | ||
| greenetree Supporter Username: Greenetree Post Number: 9446 Registered: 5-2001  |
I guess that you're lucky that you haven't been murdered at a F2F. Seriously, I don't post contact info online and I wouldn't use my name. It's caution against the freaks. My username and what I do say is enough for people who know me from around town to know who I am online. I don't care if MOL townfolk know who I am. Sure, they can be freaks, too, but I don't think that I'm in any more danger than if they just knew me from being a neighbor. I've had PLs from longtime posters and new posters asking for info about one thing or another. If someone is a long-time poster and it is apparent that they can be identified and/or known by other long time posters, I'll answer their question. If it is a new poster or someone no one seems to know, I won't respond. When we hosted Memfest, I was sincere that everyone was invited, but would not post the details or address for a reason. At the time, there some vicious stuff going on between new and old posters and I didn't want it to spill over IRL at my house. Everyone who PLed got the info, because no unknown/new jerk-types responded. Some new posters PLed and said "I'm new to town and so&so said I should come meet people. This is my name and this is where I live and this is who I know IRL." I've hosted MOLers with whom I never see eye-to-eye online. That is not a problem. I would not want someone that no one else knows showing up at my house, even tho they may be perfectly nice. | ||
| Joan Supporter Username: Joancrystal Post Number: 8334 Registered: 5-2001 |
I've been posting long enough on MOL and involved in enough M/SO community activities that I have gotten to know who a great many MOL posters are in real life. To me MOL is an extension of SO/M and vice versa. I don't feel that I placing myself in a threatening situation when communicating with MOLers on or off line. Like Greenetree, I use some discretion when opening or replying to PL messages and take care not to supply any very private information about myself or members of my family. However, I can see where the warnings contained in the memo I received could apply to the bulk of social networking sites. What I think is especially interesting here is that MIS sought to send a gentle (or perhaps not so gentle) reminder about issues involving social networking sites in general rather than blocking MOL access to my work computer. | ||
| SO Ref Citizen Username: So_refugee Post Number: 2226 Registered: 2-2005  |
I think they're probably thinking more along the lines of MySpace, Facebook, etc. than MOL. | ||
| Joanne G Citizen Username: Joanne Post Number: 670 Registered: 10-2004 |
There's another, mainly Australian and mainly female, e-community I belong to where we do use real names - strangely enough. Most of us have never met, many of us have been posting for over 10 years, and most of us would drop everything and do anything for each other. We have been known to lend each other valuables at the drop of a hat, raise huge sums of money in short time for personal needs, small groups have met in obscure places in almost flash-mob circumstances: we tell each deep intimate facts about real life situations in our home towns. If you google us, you can easily check on many of us: several of us are prominent in our fields or have featured in media articles for one reason or another. Our bonds are remarkable and although they have weakend over the last 5 years, as the membership has changed, the one abiding truth is the incredible honesty and trust in that community. It is an unstated core principle, and one that is held sacred. The only other e-community I know that comes close to it is MOL. These communities reflect the skills and values of their founders and their moderators. Membership honours those founding goals and guiding principles by group pressure and skillful leadership (the other list's moderator doesn't get to flex muscles much; people aren't banned, they just choose to lie low themselves). It's a mark of maturity. I'd be lost without the honesty of these communities in my life. Warnings are important: honesty is so much easier. | ||
| Hoops Citizen Username: Hoops Post Number: 2124 Registered: 10-2004  |
it means your job is reading all your posts. | ||
| Joan Supporter Username: Joancrystal Post Number: 8339 Registered: 5-2001 |
Hoops: That's a given. We are all connected to a single network and even our entries to our hard drives are monitored frequently. | ||
| Tom Reingold Supporter Username: Noglider  Post Number: 15629 Registered: 1-2003  |
Yes, as SO Ref said, that warning is about the myspace class of sites. We're pretty much all adults here, and obviously, I feel pretty safe here. |
