1
There is no doubt that the giants of social media are here to stay. Facebook, Twitter, Foursquare, Tumblr, Instagram and many such socially interactive services are now being used by millions of people from Pakistan. And it has gone well beyond being just about people and big brands. Increasingly, there is a whole cottage industry of home-based businesses that use social media as a primary means of interacting with, and securing, more customers.
This increased use of social media has also increased the chances of hackers and scammers, finding ways to catch users off guard. Adding to that, the lack of face-to-face communication on social networking sites can lower users’ natural defences, leading them to harbour a false sense of security online.
It is, therefore, the utmost need of the hour, that we bring more security-related awareness to common users – so as to make their social media experience relatively more secure.
It was during the Karachi Social Media Summit back in June 2011, where during a lecture on social media security, that I had successfully mounted a man-in-the-middle (MITM) attack against the summit participants. I was able to compromise the security of the Twitter and Facebook accounts of arguably the best and the brightest of Pakistan’s blogosphere and social media users. Of course, the purpose of this was not to violate anyone’s privacy, but to highlight that anyone could be a victim. I then used the summit as a platform to address the situation and to make people aware of the possible consequences of being so unguarded. It was to assure them that my intention was far from malevolent and neither was I a “black hat”. This enabled me to directly influence the gurus of the Pakistani blogging community to adopt more secure means of sharing information online.
Following are some of the points that I made to them, which I believe are very useful for anyone:
1. Spam links While using a social media website, be very careful about which links you click on. It will take you only an extra second to hover your mouse over a link and ensure via the status bar of your browser that they are pointing to the correct website. This includes pictures and videos, supposedly being made viral via grey hat methods. I am sure many of you have suffered these malware infections on Facebook. You have no one but yourself to blame if you fall for it. Hence, avoid falling for temptation the next time you see a suspicious picture or video on Facebook.
2. Strong password The importance of a strong password can never be highlighted enough. One must always use a strong and hard-to-guess password. A mix of upper and lower case letters, alongside a special character (like !@*&$) and digits would make a strong password. Now I understand how cumbersome this may seem, but it will save you from a lot of potential headache – the one that follows when your account gets hacked because you set your date of birth as the password.
3. Sharing information online Do you know that the majority of e-mail and social media accounts are not hacked by computer geniuses, or even coders? It’s people who are good ‘Social Engineers’ that turn out to be the best hackers. Almost all services require you to enter a ‘Secret Question’ alongside a ‘Secret Answer’ as a method to retrieve your password, in case you forget it. For that, many people usually enter information like the first school they went to, or the city that they were born in. They then go ahead and publish that information openly on Facebook as well. To put it mildly, you might as well go on Facebook and publish your password on your timeline. For someone with relatively good social media skills, it will not take a lot to mine such information.
4. Virus-free computing Maintain a virus-free computing environment. Use antimalware and antivirus software on your system on a regular basis.
5. Scammers Be careful about who you add on your Facebook account and the amount of information you share with them. Scammers can use photographs and personal information of your friends to make you believe that you are adding them.
6. Open wireless connections Try being wary of using open (read: unsecured) Wi-Fi networks. While the temptation can usually get most of us, remember that such open networks may be used as honeypots to intercept, store and decode your information and launch MITM attacks.
7. Secure Sockets Layer (SSL) Always use Facebook, Twitter and other social media services using Secure Sockets Layer (SSL). To implement SSL, do the following: i) Secure Facebook: Open Facebook settings, click on the security tab to the left, open the option for enabling secure browsing, and click enable. ii) Secure Twitter: Open Twitter settings, scroll all the way down and enable ‘Always Use HTTPS’ setting.
8. HTTPS Everywhere Head over to www.eff.org/https-everywhere and download the HTTPS everywhere utility for your Chrome or Firefox browser. It will enable you to communicate in a relatively more secure way on almost all major websites.
9. Privacy policies All major social network services have specific privacy guidelines that are published on their websites. Take the time to read and understand these documents, since they include the types of information that the websites will reveal – or sell – to third-parties.
10. What to do, if compromised If you believe that your account has been compromised, immediately change your password. Delete spam posts or uninstall any malicious Facebook app you suspect may be spamming your account. Clean your cache, and preferably run an antivirus/malware scan on your system to be on the safe side.
Social networking websites are excellent tools for sharing information. However, like all other spheres of life, adopting a more responsible behaviour towards their usage can go a long way in ensuring that your social media experience remains stress-free.
— Abdullah Saad is the co-founder of Wccftech.com and tweets at @kursed
