US-CERT Cyber Security Tip ST06-003 -- Staying Safe on Social Network Sites
Cyber Security Tip ST06-003
Staying Safe on Social Network Sites
The popularity of social networking sites continues to increase,
especially among teenagers and young adults. The nature of these sites
introduces security risks, so you should take certain precautions.
What are social networking sites?
Social networking sites, sometimes referred to as "friend-of-a-friend"
sites, build upon the concept of traditional social networks where you
are connected to new people through people you already know. The
purpose of some networking sites may be purely social, allowing users
to establish friendships or romantic relationships, while others may
focus on establishing business connections.
Although the features of social networking sites differ, they all
allow you to provide information about yourself and offer some type of
communication mechanism (forums, chat rooms, email, instant messenger)
that enables you to connect with other users. On some sites, you can
browse for people based on certain criteria, while other sites require
that you be "introduced" to new people through a connection you share.
Many of the sites have communities or subgroups that may be based on a
particular interest.
What security implications do these sites present?
Social networking sites rely on connections and communication, so they
encourage you to provide a certain amount of personal information.
When deciding how much information to reveal, people may not exercise
the same amount of caution as they would when meeting someone in
person because
* the internet provides a sense of anonymity
* the lack of physical interaction provides a false sense of
security
* they tailor the information for their friends to read, forgetting
that others may see it
* they want to offer insights to impress potential friends or
associates
While the majority of people using these sites do not pose a threat,
malicious people may be drawn to them because of the accessibility and
amount of personal information available on them. The more information
malicious people have about you, the easier it is for them to take
advantage of you. Predators may form relationships online and then
convince unsuspecting individuals to meet them in person. That could
lead to a dangerous situation. The personal information can also be
used to conduct a social engineering attack (see Avoiding Social
Engineering and Phishing Attacks for more information). Using
information that you provide about your location, hobbies, interests,
and friends, a malicious person could impersonate a trusted friend or
convince you that they have the authority to access other personal or
financial data.
How can you protect yourself?
* Limit the amount of personal information you post - Do not post
information that would make you vulnerable (e.g., your address,
information about your schedule or routine). If your connections
post information about you, make sure the combined information is
not more than you would be comfortable with strangers knowing.
* Remember that the internet is a public resource - Only post
information you are comfortable with anyone seeing. This includes
information in your profile and in blogs and other forums. Also,
once you post information online, you can't retract it. Even if
you remove the information from a site, saved or cached versions
may still exist on other people's machines (see Guidelines for
Publishing Information Online for more information).
* Be wary of strangers - The internet makes it easy for people to
misrepresent their identities and motives (see Using Instant
Messaging and Chat Rooms Safely for more information). Consider
limiting the people who are allowed to contact you on these sites.
If you interact with people you do not know, be cautious about the
amount of information you reveal or agreeing to meet them in
person.
* Be skeptical - Don't believe everything you read online. People
may post false or misleading information about various topics,
including their own identities. This is not necessarily done with
malicious intent; it could be unintentional, a product of
exaggeration, or a joke. Take appropriate precautions, though,
and try to verify the authenticity of any information before taking
any action.
* Check privacy policies - Some sites may share information such as
email addresses or user preferences with other companies. This may
lead to an increase in spam (see Reducing Spam for more
information). Also, try to locate the policy for handling
referrals to make sure that you do not unintentionally sign your
friends up for spam. Some sites will continue to send email
messages to anyone you refer until they join.
Children are especially susceptible to the threats that social
networking sites present. Although many of these sites have age
restrictions, children may misrepresent their ages so that they can
join. By teaching children about internet safety, being aware of their
online habits, and guiding them to appropriate sites, parents can make
sure that the children become safe and responsible users (see Keeping
Children Safe Online for more information).
_________________________________________________________________
Author: Mindi McDowell
_________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST06-003.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.