Welcome!
If you have an account, please:
Log in

Facebook Secretly Adds Applications to Your Profile

Facebook
(Image used under: Creative Commons 2.0 [SRC])

Wow. It seems like the last week or so, all I've talked about is Facebook! But it seems there's an awful lot to talk about! Check out what I found today:

If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to signed in to these sites for the apps to appear, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings.

According to the source article, Facebook contacted them and told them it was a bug that has been fixed. That's the second such bug this week.

Tags: , ,

10 Reasons to Quit Facebook

Facebook
(Image used under: Creative Commons 2.0 [SRC])

This is awesome:

10. Facebook terms of service are completely one-sided
9. Facebook's CEO has a history of unethical behavoir
8. Facebook has flat-out declared a war on privacy
7. Facebook is pulling a classic bait and switch
6. Facebook is a bully
5. Even your private data is shared with applications
4. Facebook is not technically competent enough to be trusted
3. Facebook makes it incredibly difficult to delete your account
2. Facebook doesn't really support the open web
1. The Facebook application itself sucks

I agree so much with this. Facebook is trying to become the only provider and replace the open Internet much like AOL back in the day. I have long objected to their practices and privacy issues as well as their technical and security flaws. It would be nice if they could make moves in the right direction and become a more ethical business since the idea has a lot of potential if used properly.

The problem is I just don't see that happening. Until then, you may want to reconsider being a part of the system…just be careful when you do quit that you don't end up like this guy:

Stan tries to quit Facebook, Facebook resists

Tags: , , ,

Blippy – Share Your Purchases In Real Time With The World

A completely horrifying service that some people have actually signed up for.

When you first hear about Blippy, the purchase-sharing website, you would think that no one in the whole world would be crazy enough to sign up. You’d be wrong.

Blippy is a service where you can share your purchases on most of the major web stores in real time (similar to Twitter). ALF just got a movie at Netflix (Full Metal Jacket… classic!). Jessestay just bought something at iTunes for 2.99 ( Epitaph One, by Dollhouse). On and on the purchases go. As they scroll by, I learn more about where the people live, what kinds of things they like, and what kinds of secrets they have. One user just purchased an iPhone app to find, let’s say, non-traditional bars in his city.

Believe it or not, the complete transparency of your purchasing habits is the least of your worries on Blippy. This site, supposedly run by four average sounding college graduates, promises good security and protection of your information, but history shows that even major banks and government agencies are hard pressed to keep data safe. Especially if they’re a big target!

So what makes Blippy a big target? Well, you may have heard my advice not too long ago to never give away your e-mail address password to these new sites like Facebook and Twitter that use your address book to add friends automatically. Blippy does the same thing, but for your web stores AND your bank accounts too!

In case you missed it, let me say it again more clearly: Blippy gets their information of your purchases by logging into your iTunes, Netflix, or eBay accounts and constantly monitoring them for new purchases. And not just web stores, but banks and credit cards too. Bank of America, Citibank, Chase, Paypal, and American Express are just some of the ones they’re set up for currently. All you have to do is provide all your usernames and passwords for each service you want to share your purchases for with Blippy.

You don’t have to be a privacy nut like me to find that prospect completely horrifying.

Tags: , , ,

Using HTTPS For Secure Login and Payment Online

What It Is

Because businesses online quickly figured out that sending names, passwords, credit card details, and other sensitive information out unprotected over the Internet was a bad idea, SSL was implemented.

SSL, or Secure Sockets Layer, is an encryption technique that's already built into your browser. You can see in the screenshots for Firefox and Internet Explorer here where 1) the HTTP in the address bar is listed as HTTPS (where the S stands for "secure") and 2) there is a lock icon (at the bottom right of the window for Firefox and just to the right of the address bar for IE).

https in Firefox
https in IE

Why to Use It

Nothing on the Internet was designed with security in mind, all of it was added as an afterthought. So think about this: when you hit the "Submit" button on any webpage, you're sending data from your computer to theirs, but the Internet is a vast inter-connected web of computer systems that spans the entire globe. Somewhere between you and them could be someone monitoring the traffic.

If someone's listening in, they can look right at your data and take your name and password or any other sensitive data you sent. What happens if someone took your name and password and logged into your mail, your bank, or any other service? They could embarass you, spam people from your account, take your money, etc.

Any time you're about to log in or send form data for an account or online order, make SURE that the HTTPS is active. In some cases, you might have to use a trick or too to turn it on. As in these cases:

Case 1: Finding the option for enhanced security and clicking it.

Case 2: Using my login trick to activate security.

When to Use It

You are most at risk when using hotspots at hotels, airports, and cafe's. Consider that the hotel itself or at least all the people there have access to the wireless networking equipment you connect to. Since you are going through them for Internet, they can easily see anything and everything you send. The same goes for your Internet service provider and many of the people who work for them (though you might assume, right or wrong, that the ISP has better physical protections and auditing to prevent their employees from doing it).

Take blind faith out of the equation and make sure HTTPS is active instead!

Limitations

When you see HTTPS, it means you have a mostly secure end-to-end connection, but the first problem is that SSL isn't absolute security. It's way better than nothing, but if something you're sending is absolutely critical to you, maybe you should call it in instead.

Second, bad guys with fake websites can get SSL security too. All that happens then is you have a very secure connection between you and the guy that's going to rip you off. The first defense against this is to use my trick to avoid bogus websites in the first place.

The second tip is to just click the certificate itself to learn more about where you are. Click the colored area to the left of the address (for Firefox) or to the right of the address where the lock Icon is (for IE).

Checking to see if you have a valid secure connection in Firefox
Checking the SSL certificate in IE

This popup window shows you who the secure connection belongs to and who is validating that fact. In one, Equifax is verifying that the page you're on is Facebook.com while VeriSign is validating that you're on eBay.

Always remember to look for HTTPS whenever logging in or entering other important data online. If it's not there, maybe you should think twice about clicking SUBMIT.
Tags: , , ,

Beware of Hijacked Facebook Accounts

Facebook
(Image used under: Creative Commons 2.0 [SRC])

Of course this isn't a problem limited only to Facebook, but the FBI issued a warning about the rise of hijacking scams. This is where a bad guy gets your login information through various means and then poses as you on your account. They'll send an urgent request for help or money to all your friends who may be fooled and comply (as in the case of Bryan Rutberg).

Remember to use good passwords and protect them especially the password for your e-mail account (which can be used to unlock all your other accounts).
Tags: , , , , , , , ,

Facebook Security Hole Exposes Private Profiles

Even if you did everything right to keep you private photos and information private, a Facebook security flaw allows people to access it anyway. This isn’t the first time something like this has happened and I’d bet that it’s far from being the last. Tags: , , , ,

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog