Category Archives: Social Networking

VB Seminar 2010

I spoke at the VB 2010 Seminar in London on ways that Social Engineering can affect your business’ users.

During the talk, I used some links for demos (many thanks to my good friend Dave Marcus for originally showing me a few of these). For those that are interested, here are the links:

 

Andrew Lee
AVIEN CEO

The great wall of Google

So, we hear the news that Google ‘really has’ ceased censorship in China. At least, that is the meme currently working its way around the internet. Actually, this is rather disingenuous, and shows a particularly unsavoury side of how the Google PR machine really works.

If you’ve been living on Mars or want some background, here are a couple of links on the story.

http://news.bbc.co.uk/1/hi/world/asia-pacific/8582233.stm

http://www.guardian.co.uk/technology/2010/mar/22/google-china-shut-down-censorships

Of course, a careful read of these articles shows that Google have done nothing more than redirect their front page to their existing Hong Kong search page, and that the censorship (which operates automatically between the mainland of China and…well…everywhere else) is still very much in place.

Users inside China have no greater freedom now, and this is a very different situation than if Google had really put its money where its (big) mouth is and uncensored its .cn site search results. Clearly they wouldn’t do that though, as not only would it be illegal in China, it very likely would have caused them to have to pull out of the lucrative market they so badly want a piece of – instead of getting a bit of bluster from the Chinese government and maybe a slap on the wrist.

Do a search for, say, ‘Tiananmen Square’ from inside China, and as the Guardian article points out, the internet connection will reset. Lest we forget, this is part of what Google is complicit in covering up. The Chinese government have been almost entirely successful in expunging this monstrous event from the consciousness of those living in their country, and Google (and others) have not only not done anything to stop this, they have actively aided them in their attempts at revisionist history.

This is a security blog, so I’ll get to the point that everyone seems to be missing. This whole story erupted because, allegedly, Google suffered attacks on its Gmail network from inside of China. Let’s leave aside for the moment, the whole “buzz” fiasco which probably did Google far more harm, but this is the rather grubby truth that Google is managing to cover up so well with its big talk about not “being evil” and opening up the freedom of the internet (which they so eagerly avoided doing for so long in order to get their hands on those lovely Chinese RMB).

The point is, that rather than look at what they were doing that was wrong and securing their network; or finding out what led to the compromises against their network, Google instead simply threw their toys out of the crib and made up a new story about solidarity and freedom and so on. Do you trust Gmail more now that they’ve engaged the NSA to help them secure it? I didn’t think so.

It’s a shame that so many tech bloggers have focused on the smokescreen political issues and ignored slamming Google for the real issues, that its approach to the privacy and security of its users is time and time again a huge disaster. The real problem is that they’ve got the money and the PR machine to cover it up with a different story, and swamp all those dissenting voices to avoid having to have that brief moment of introspection that might acutally change things for the better…rather like a certain government, don’t you think?

Andrew Lee
AVIEN CEO

PleaseRobMe: too much information…

Sometimes I think I should just stop killing myself multi-blogging and retweet Graham Cluley’s blog URLs.

This is a good item, anyway.

The web site (Please Rob Me, not the Sophos blog) “…mashes together content from Foursquare and Twitter, providing an easy way for potential burglars and stalkers to find out where you are supping your cappuccino, and when you may have left your home empty…”

In fact, what the site has been doing  is auto-grabbing publicly available data from such sites and putting it all in one place, with the intention of highlighting the risk of giving away information that burglars and stalkers would find useful about your movements.

Graham comments that it will be interesting to see if FourSquare and Twitter try to stop PleaseRobMe snarfing the data from them. We already have part of the answer to that: Mikko Hypponen reported about three hours ago that Twitter had suspended the @pleaserobme account.

There’s been a series of infomercials on UK TV recently in which “members of the public” try to interest thieves and burglars in robbing them, and a whil ago there was a “reality” show in which an ex-burglar broke into people’s homes (with permission) and then lectured them on what they should have done to prevent it.

There’s would be a certain felonious irony if PleaseRobMe were to get accused of having stolen part of their idea from these sources. 😉 In fact, though, the site is Dutch, according to the BBC, so maybe not.

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com

You can’t always read Facebook on a train

When I saw an MSN article headed Facebook friendships ‘not real’, I was expecting something about lack of validation of Facebookers’ identities. Which is indeed an issue, though not a new one. “On the Internet, nobody knows you’re a dog.” Or, indeed, a wolf in sheep’s clothing.

But no… All this time we’ve been making a fuss about the lack of security and privacy on social network sites, it seems that we’ve been getting it wrong. The problem isn’t security at all.

According to a recent survey, most of us see our friends much more on Facebook than we do in person. Apparently, this becomes truer as you move up the age range. Well, I guess you have to meet your friends in order to get smashed with them.

Anna Richardson, described by MSN as a “Channel 4 presenter and relationship expert” apparently commented:

A Facebook friendship is a poor substitute for actually meeting up with a friend as you miss out on the personal engagement and real connection that you need to build a strong friendship.

It is difficult to make time for friends when juggling busy lives, but without making the effort, there’s a danger that precious friendships are becoming lost in the digital era.

Her advice is to log onto http://www.railcards.co.uk/, buy a railcard and… oh, wait a minute. You can apparently get taxis, finance, holidays, accommodation, broadband, car insurance and many other things at railcards.co.uk, but not railcards. I guess she (or more probably MSN – nice proofing, guys…) meant http://www.railcard.co.uk/, which offers a range of discounted passes for rail travel in the UK. OK, so I should login and buy a railcard (yes, Ken, I am eligible for a Senior Railcard: don’t rub it in…) at www.railcard.co.uk… oh, wait another minute. Isn’t that who commissioned the survey? Well there’s a coincidence….

So I get my railcard and wander down to the station, and get on a train at a reduced rate, and go and see my Facebook friends.

“I’d like a ticket please, to Western Australia, Pennsylvania, Bratislava, Florida, San Diego, the Philippines, Helsinki, Reykjavik, Chennai…”

David Harley FBCS CITP CISSP
Security Author/Consultant at Small Blue-Green World
Chief Operations Officer, AVIEN
ESET Research Fellow & Director of Malware Intelligence

Also blogging at:
http://avien.net/blog
http://www.eset.com/threat-center/blog
http://smallbluegreenblog.wordpress.com/
http://blogs.securiteam.com
http://blog.isc2.org/
http://dharley.wordpress.com
http://macvirus.com