Pinterest Under Siege By Scammers

Charles Ripley , BrandPost

Have you joined the Pinterest revolution yet? Pinterest is the new hottest thing on the social networking scene. It’s so hot that it has drawn the attention of scammers and malware developers--offering fertile ground for finding unwary victims.

Pinterest is a virtual pinboard. It is essentially a means of categorizing and bookmarking visually. When in a traditional Web browser, you might bookmark a really cool classic car, or a recipe for a drink that sounds delicious, with Pinterest you “pin” thumbnail images of the things you like.

Pinterest is also a social network. You can search the various pins and pinboards across all of Pinterest, or follow other users’ pins like friends, family, or just people who seem to pin a lot of things you find interesting.

Read more »

Use the Facebook Privacy Controls You Have

Charles Ripley , BrandPost

One of the biggest issues people have with social networks is how or where their personal information is being shared. Updates to the Facebook privacy policy have some privacy advocates up in arms--perhaps for good reason. But, the irony is that many people who claim to be concerned about personal privacy don’t even use the controls at their disposal.

At the heart of the current debate are changes that Facebook has made in the interest of full disclosure ahead of its upcoming IPO. Some of the changes seem to suggest that Facebook could venture into a broader advertising network that extends beyond just Facebook. In that case, some information posted within Facebook could be shared outside of the social network on ads on third-party sites.

If you’ve ever used a tool like the Outlook Social Connector, though, you know that many people are inadvertently exposing a wide variety of personal information to the general public. The Outlook Social Connector links to Facebook and other social networks to integrate information about your contacts and display it in Outlook. Often, you are able to view status updates and personal information from people who aren’t even in your social network because their data is open to the public.

Read more »

Windows 8 RT Poses Security Dilemma

When Windows 8 hits the street later this year it will represent the boldest overhaul of the dominant desktop operating system to date. Aside from the Metro interface, one of the biggest departures from Windows tradition will be the addition of a new variant that runs on ARM hardware. While that opens up some new horizons for Windows, it may also put Windows 8 RT users at risk.

What’s the risk? Well, Windows users have been conditioned to have a healthy dose of skepticism when it comes to phishing attacks and malware, and they know they’re supposed to run security software to help detect and block threats. The problem is that legacy Windows software will not function on the ARM version of Windows. That means that consumers will have to purchase new or different security software for Windows 8 RT than they’re used to on their legacy Windows systems.

Windows itself will still be Windows, though. The operating system will still be a popular target for malware developers, and users will need to be able to defend their Windows 8 RT systems. Developers will have to develop new solutions specific to Windows 8 RT which will most likely result in fewer choices when Windows 8 RT launches. Its also possible that the features and capabilities of the Windows 8 RT version of a security solution may not match the traditional Windows version.

Read more »

Get Off the Vulnerability Patching Merry-Go-Round

Microsoft has designated the second Tuesday of each month Patch Tuesday for some time now. Patch Tuesday gives patch management a sense of predictability as opposed to the old system of just releasing critical updates randomly as they come up. The pre-defined patch release schedule is helpful, but it doesn’t change the fact that users are on a perpetual merry-go-round of patching.

For May, Microsoft released seven new security bulletins that fix a total of 23 separate vulnerabilities. One in particular--MS12-034--patches 10 different vulnerabilities spanning a broad range of Microsoft software. Adobe also joined the fray with security updates for Shockwave, Illustrator, Photoshop, and Flash.

Last month Microsoft released six security bulletins, and the month before that it was another six security bulletins. In five months Microsoft has already issued 35 security bulletins in 2012, and it often feels like a new Patch Tuesday rolls along before the dust has even settled from applying the patches from the last one.

Read more »

Fragile: Passwords May Be Cracked or Broken

Charles Ripley , BrandPost

Sometimes when you buy something breakable--like a crystal vase, or a big screen TV--the box is plastered with stickers alerting you in bright red letters that the contents are “fragile”. Perhaps we need to start putting those notices on computers and mobile devices as well.

To be fair to passwords, most users still don’t follow basic practices that have been drilled for years. The mantra of choosing long, complex passwords that can’t be easily guessed or cracked has been repeated time and time again. Everyone knows that they’re supposed to choose passwords comprised of uppercase and lower case letters, numerals, and special characters.

The problem is, many people still just don’t get it, or don’t care. Microsoft revealed in its most recent Security Intelligence Report that 92 percent of the Conficker infections still plaguing Windows PCs are a result of weak passwords. Millions of PCs are being compromised because people continue to use “1234”, or “password”, or other equally silly, and easily guessed passwords to “protect” their systems.

Read more »

Is It Still Spying If You Approved It?

Online privacy is a hot issue. People expect to be able to surf the Web and use the Internet without compromising their privacy in the process, but the sites and services people use may be monitoring their online behavior. This may seem like an infringement of privacy to some, however, what they don’t realize is that they agreed to be watched.

The average Internet user visits more than 2,500 websites and online services per month. Virtually every one of them has a privacy policy of some sort. You might have to dig (a lot) to actually find it, but it’s there somewhere. By visiting the site or using the service you’re tacitly agreeing to the terms of the privacy policy whether you read it or not.

How many privacy policies have you read from beginning to end? Probably zero. One source reports that legal and tech researchers estimate it would take an entire month to read all of the privacy policies for the sites an average person visits in a year. Are you willing to invest that kind of time? Of course not.

Read more »

Twitter Discover Highlights Pros and Cons of Personalization

Twitter is making some changes to the Discover tab. Essentially, Twitter is attempting to deliver more relevant, personalized content that incites users to interact and stay engaged on the service. Customizing content is a double-edged sword, though, that involves some degree of privacy infringement--or at least erosion--to achieve.

A post on the Twitter Engineering blog explains, “We’ve improved our personalization algorithms to incorporate several new signals including the accounts you follow and whom they follow. All of this social data is used to understand your interests and display stories that are relevant to you in real-time.”

Sounds like a good thing at face value. If you’re only following a handful of Twitter accounts it may not seem useful, but if you follow a couple hundred, or a few thousand Twitter accounts you understand how quickly the information flies by, and how difficult it is to keep on top of the rapidly flowing stream.

Read more »