Evil Twin Attacks |
4 |
INFORMATION IN THIS CHAPTER
• Protecting Ourselves and the Ones We Love
So, how many friends do you have on Facebook, Twitter, or MySpace? More than likely you have quite a few. The question is, “How many of those friends are actually the people you think they are?” Initial response is probably “all of them.” Do you know that for certain? How do you know they are really the people they say they are?
One of the only methods to know that your friends are really “your friends” is to call them on the phone and talk to them before you accept their invite. So, if these people are not really your friends, who are they? That’s a simple answer: “No one really knows.” These people are imposters that impersonate other people. The reasons for impersonating other people can range from defamation of the persons’ character to trying to extract money from people.
You may be wondering why people would want to impersonate others and that is what this chapter is dedicated to. One of the main reasons is the way people handle their online privacy. Think about it: if someone walked up to you on the street and said they went to high school with you, would you just start giving them all of your private information? You probably wouldn’t. More than likely, if you didn’t recognize them, you would grill them to determine that they are who they say they are before you would ever share your personal info with them.
Now, think about how we share information online. Someone sends you a friendly request saying they went to school with you. You determine that the name sounds familiar and their profile photo looks familiar, so you accept their friendly request. That person now has access to all of your personal information in your profile. Guess what? Most of us put way too much information into that personal profile. So, we accepted the friendly request – did we really know the person is who they said they were? No, we didn’t. This analogy is a simple example of the trust we have online. It’s a little scary, isn’t it?
You should find this really interesting. During an interview with TechCrunch Mark Zuckerberg, CEO of Facebook, he stated “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time…But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.”1 Basically, he is saying that people have become comfortable with sharing information online and don’t care whom they share it with.
This may be true for some people but not for all people. More to the truth, people don’t realize what information is being shared with people. If people realized how their information was being shared, they would take more of interest in controlling what information is being shared. This all comes down to educating people on this and providing them with the tools to protect themselves. This is exactly what we are going to do here.
Do you have an Evil Twin out there? You may and you may not even know about it. Evil Twin attacks originated in the world of Wi-Fi. They were rogue access points that were disguised as legitimate access points. The attacker would set up these access points to perform a man-in-the-middle attack. They would be able to eavesdrop on one’s wireless communications and gather information such as account information, passwords, and personal identifiable information.
NOTE |
A man-in-the-middle attack is an attack that intercepts a communication between two systems. An example of this would be in a Hypertext Transfer Protocol (HTTP) transaction and the target is the Transmission Control Protocol (TCP) connection between the client and server. By utilizing a multitude of techniques, the attacker is able to divide the TCP connection into two new connections. These new connections are between the client and the attacker and between the server and the attacker. After intercepting the connection, the attacker is able to act like a proxy. By acting like a proxy, the attacker is able to read, insert, and modify the information contained within the connection. |
So, if this type of attack deals with Wi-Fi, why are we even discussing it here? The answer is pretty simple: this form of attack has mutated and is now running rampant on social networking sites. Instead of rogue access points impersonating legitimate access points, we now have rogue users impersonating legitimate users.
It is important to note that this attack is by no means a technical attack. When used with a social network this type of attack is actually more of a social engineering attack. Remember that a social engineering attack is one in which a person falsely claims to be someone they are not in order to gain information they are not entitled to.
You may be wondering why someone would want to impersonate another person. There are a multitude of reasons and a few are listed below:
• Financial gain By impersonating a person they can attempt to get money from the person’s friends by claiming to be that person.
• Defamation By impersonating a person they are able to post comments by that person that are not true.
• Stock churn This one goes along with financial gain. By impersonating a highlevel employee of a company they can post false statements that could influence the trading of the stock.
• Cyber-bullying This has been very well covered in the news. By impersonating a person you can post negative statements to another person’s profile with the intent to hurt them.
As stated earlier, these are only a few of the reasons a person would impersonate another. This is only limited by one’s imagination. Now that we have an idea of why people impersonate, you may be wondering what types of people are impersonated. The easy answer is anyone. A list of some of the different types of people who have been impersonated are as follows:
• Celebrities
• Athletes
• Political officials
• Executives
• Normal people like us
You may be wondering how people do this. It is a lot easier than you may think. We will take a step-by-step look at how to do this in section Creating the Evil Twin, but for now there is a good example of a person impersonating another on The Wall Street Journal blog Speakeasy at http://blogs.wsj.com/speakeasy/2009/08/13/sarah-palins-facebook-alter-ego-gets-found-out/.
In this chapter, the gentleman decided to impersonate Sarah Palin. He didn’t do it for any malicious purpose; he just wanted to see what it felt like to be her. This is where it starts to get scary due to the ease he had in creating the profile and impersonating her.
He decided he would impersonate her on Facebook. To create the profile, all you have to know is a name that is not in use and an e-mail address. So, after trying different variations he came up with “Governor Palin,” which worked. Now very few people were going to believe that he was her without a picture of her on the profile. We know this is not very difficult to get. So, he used a picture he had found of her on the Internet. He then posted in his status “Happy 4th of July and God Bless!?!” We all probably agree that this is a pretty generic profile.
Within minutes of posting the profile, he had about 100 friend requests. He started updating the page on a daily basis and posting messages about Palin’s love of God and country. Every once in a while he would post a message that was total nonsense. He did this to let people know this wasn’t really Palin. A few people would make posts about how they didn’t believe this was her; however, this didn’t affect the majority.
When Palin announced she was resigning as governor, he saw a massive uptick in friend requests. He even had people asking where they could send donations for her next move. He never accepted any donations.
The longer this charade went on, the more he would post ridiculous posts that Palin would never say. So, more and more people started becoming skeptics and eventually Facebook shut him down.
If this doesn’t open your eyes, nothing will, except maybe the next section. At least this person had no malicious intent – think of what could’ve happened had he had malicious intent. Regardless, impersonating another person is illegal and the person doing it can be prosecuted.
Now that we are a little nervous at how easily this can occur, it’s time for us to get downright scared. We are now going to take a step-by-step look at how easy it is to create an Evil Twin account.
Now we get to do the fun stuff. In this section, we are going to take a look at what it really takes to create an Evil Twin attack. You may be surprised at how easy it is to get the information we need and the process we go through. Time for a little disclaimer: do not do this at home and we made an Evil Twin of one of the authors of this book. With that out of the way, let’s get started. We will need the following information before we can begin:
• The person’s name we want to impersonate.
That’s all we need. Now if we want to make it more believable, we will want to have the following information as well:
• Birth date
• Hometown
• Employer
• High school
• Special groups they may belong to
• A profile photo
• More photos of the person and their family
• City and state they currently live in
You may be thinking that this information is going to be hard to get. Guess what? It isn’t. All you need to do is go to Facebook and search for the person. Even if you are not friends of the person, you will have access to all of that information. Why you ask? Because the default privacy setting for it is “Everyone” and we learned earlier that means everyone can see it. However, we do have some security-conscious users out there that do change their default settings. If this is the case, you would not be able to see this info. So, how do we get it? Pretty easy – do a search for them on Google or look the user upon another social networking site. More than likely, you will find the information you are looking for.
Now that we have the info, we can begin. There is a process we will need to go through to create the attack. Don’t worry though, it’s not very intense. The steps we will need to go through are as follows:
• Create a bogus e-mail account.
• Create Evil Twin account.
• Start inviting friends.
Why do we need to create an e-mail account? That’s simple, silly: we need to be able to receive communications, and you must have an e-mail account to create and verify your Facebook profile. Now, do you really want to use your valid e-mail account when doing something bad? Didn’t think so.
Creating a bogus e-mail account is very easy. With the plethora of online e-mail accounts such as Hotmail, Gmail, and Yahoo to name a few, all you need to do is determine which one to use.
For our exercise, we are going to use hotmail. So, what do we need to do to create a hotmail account? Not a whole lot. Figures 4.1 and 4.2 illustrate setting up a hotmail account. What we need to do is the following:
1. Go to www.hotmail.com.
2. Click on sign up.
3. Fill out the form.
4. Click submit.
The tricky thing with e-mail account creation is making sure the name is unique. All one has to do is try different combinations of the person’s name until they find a unique name. Also, the security question and birthday are irrelevant at this point. Not too hard, huh? Guess what happens after we hit submit? That’s right – the account is created.
Now we have a nice bogus e-mail account that we can use for our mischievous desires. The great thing about it is that it looks like an e-mail address the person would have, and it is not traceable to us. It is now time to create the Evil Twin account.
This is the part one would think is the most difficult. However, it is just as easy as creating the bogus e-mail account. To create this account, we will need to do the following:
1. Go to www.facebook.com.
2. Fill in the personal information.
3. Click submit.
4. Skip through the personal information wizard.
5. Search for the person you are impersonating.
6. Right-click their profile picture and save it.
7. Upload the profile picture.
8. Fill out remaining profile.
9. Validate account.
FIGURE 4.1
Creating a Hotmail Account
When creating a new e-mail account, the account name must be unique. However, this is not true with a Facebook profile. You can create a profile with the same exact name as another profile – the only item that must be unique is the e-mail address assigned to the account. We could’ve created the account with the name “Carl Timm” even though a “Carl Timm” account already existed. However, we decided to keep the middle initial in the profile name so it matched up with the e-mail address. To accomplish this, we had to enter Carl M. in the first name field and Timm in the last name field. Pretty convincing, isn’t it? Figure 4.3 shows an illustration of entering this information.
Don’t forget to use the e-mail address we created earlier as the e-mail address. As for the birthday, you can either make one up and not display it or use the person’s actual birthday and display it.
FIGURE 4.2
That’s All There Is to It!!!!!!
FIGURE 4.3
Entering the Information
Next, you will be presented with a wizard to add personal information, contacts, and other information. Just skip this for now. Figure 4.4 is an example of the profile wizard.
Now we are brought to our profile screen. The first thing we are going to need to do is add a profile picture. We want this picture to be a picture of the actual person. The easiest way to get this is to search for the person. When you find the person, you can just right-click the image and save it to your desktop. You can use the same method to get other photos of the person and their family as well. You will just need
FIGURE 4.4
Skip the Profile Wizard
FIGURE 4.5
It’s Like Taking Food From a Baby!!!!
to double-click on their profile and then select photos. This stuff is way too easy, isn’t it? Figure 4.5 demonstrates stealing (uh, downloading) a profile picture.
We are almost done. If we did our research of the victim (I mean, person) earlier, we should already have all their personal information such as
• High school
• Employer
• Birthday
• Marital status
• Hometown
• Current city
How did you get all of this information? By simply visiting their Facebook profile. Not too hard, is it? Figure 4.6 is an example of editing a profile page.
All that is left is to confirm the account. This is a security feature they put in to make sure that people don’t create bogus accounts. This really helped out in our case, didn’t it? All we have to do is go to our bogus hotmail account, open the Facebook confirmation e-mail, and click on the link. Figure 4.7 show an example of one of these e-mails.
Are you overwhelmed or scared at this point? Hopefully, this makes you a little scared at how easy it is to create an Evil Twin account. This entire process took maybe 20 min to complete. So, imagine how many of these accounts a person could create if they wanted to. Now that we have our nice new shiny profile, we can start getting friends.
TIP |
The first thing that you should realize with this is not to be scared of Facebook alone. They are not the only ones that are vulnerable to the Evil Twin. It is just as easy to set up Evil Twin profiles for any of the other social networking sites, such as MySpace and Twitter. The problem with this is that the social networking sites can’t really monitor this type of activity. It is up to you to monitor your own account. One suggestion would be is to search your name once in a while and make sure that none of these accounts exist. If you find any, you need to contact the social networking site and they will remove the account. |
FIGURE 4.6
Making It Real!!!!!!
FIGURE 4.7
That’s All She Wrote!!!!!!
Now that we have created our profile, we need to add friends. You can do this through multiple different methods. The following is a list of some of the methods of adding friends:
• Join groups.
• Send requests to people from the same high school.
• Send requests to people from the same employer.
• Send requests to people that are friends with the victim on other sites but not this site.
Well, we have now created an Evil Twin account and made friends, what do we do next? That’s up to the attacker. They will usually either try to get money from people, defame people, or just gather information about other people and repeat the process. Remember that information is power and information can be sold.
People share all kinds of information on their profiles, including
• Home address
• Mobile number
• What bank they use
• Where they shop
• Where their kids go to school
• Other account information
Any of this information can be used for malicious purposes. And let’s not forget that we put ourselves and the ones we love in harm’s way when we share personal information so freely.
This raises the question, “What can we do about it?” That is exactly what we are about to look at.
This section is an interesting section. We have to take a look at a couple of different items. The first one is how we keep ourselves from becoming friends with a person that is an Evil Twin. The second one deals with protecting ourselves from becoming an Evil Twin. So, we should probably begin with protecting ourselves from becoming friends with an Evil Twin.
This is a really hard item to protect ourselves from. It’s not impossible, just hard. To make sure we are not befriending an Evil Twin, we need to make sure the person is who they say they are. There are a few things we can do to protect ourselves here. We can do any or all of the following:
• Call the person and ask them if they sent the request. This will usually only work if you keep in contact with the person currently.
• Send an e-mail to the person to verify it is them. This would include asking them questions that only they would know.
• Make sure there are not multiple profiles for the person by searching their name. This will not eliminate the possibility of an Evil Twin, just reduce it.
• Simply don’t accept the request. Do you really want to be friends with people you haven’t spoken to since high school anyway?
From a corporate standpoint, there are a couple of few things they can do to help protect their companies and employees from this. The list below is only a few suggestions.
• Don’t allow social networking usage at work. This will not help the employees when they go home, though.
• Educate employees on this type of attack and inform them on what they should do to help protect themselves.
• Monitor the social networking sites for Evil Twin group accounts of the company. An example of this could be a group called “Employees of company name.”
• Monitor the social networking sites for Evil Twin accounts of Executives of the company. This can be accomplished by searching the sites for the Executives names and notifying the social networking site should an Evil Twin account be found.
• Assist employees of the company in monitoring their social networking profiles for Evil Twin accounts.
An important item to remember when accepting friend requests is that you not only endanger yourself, but people you are friends with as well. When you accept a friend request they have access to all of your info, information of friends available to everyone, and information of friends that they only allow friends of friends to see. Think about it, your friends are entrusting you with their privacy. You should not put them at risk.
As stated earlier, there isn’t a lot you can do to protect yourself from becoming friends with an Evil Twin except for using your common sense and being cautious. However, there are a lot more things we can do to protect ourselves from becoming an Evil Twin.
Isn’t a little frightening thinking about how easy it has become for someone to impersonate us online? It is really scary when we hear the thoughts of the people leading these social networking sites. Going back to the quote earlier in the chapter by the CEO of Facebook:
People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time…But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.1
Really think about what he is saying here. He is saying that people have become so comfortable with sharing information online that they don’t even care about their own privacy anymore. This is probably a true statement for some people, but it is not true for all people.
Facebook has even taken the stance on telling people to set their profiles to Everyone, because it will make it easier for people to find you. What this really means is that they don’t believe people care about their privacy, and by setting their profile to Everyone more people will find you and drive more traffic to their sites.
With these types of feelings by the social networking sites, what can we do to protect ourselves? First and foremost, we need to understand what information is being shared and what we can do to restrict this as much as possible. We cannot prevent all of our information from being shared on these sites.
When using social networking sites our information is shared in three ways:
• Information that is shared with people
• Information that is shared with the social network site
• Information that is shared with applications
Before we can even begin to talk about this, we first need to understand the privacy settings. We will take a look at the privacy settings on Facebook.
How many of you currently understand the different levels of privacy on Facebook? Probably not many. The reason for this is that we are not presented with this information when joining the social networking site. Instead, we have to dig around to find it.
Facebook has the following four privacy levels:
• Friends Information is only available to be seen by people that you have accepted as friends.
• Friends of Friends Information is available to be seen by people you have accepted as friends and people they have accepted as friends.
• Everyone Anyone on the Internet, anyone viewing your profile, and any Facebookenhanced applications and Web sites you access.
• Publicly Available Information (PAI) Unlike the other privacy settings, this one is not an option. Instead this is the category of information in your profile that Facebook makes publicly available. With this setting, you are not able to set any privacy settings to prevent disclosure of information in this category, and anyone who finds and visits your profile page can see this information, as can any application that you or your friends use. This information includes your name, profile photo, list of friends, pages you are a fan of, gender, networks you belong to, and current city.
The first item we want to look at is how our information is shared with other people. Figure 4.8 illustrates the default settings for a Facebook profile.
Table 4.1 is a summary of the different privacy levels and who is able to see your information when set to that level.
FIGURE 4.8
Facebook Default Settings
So, what does all of this mean? Well, let’s discuss it. The following is the list of information that is available to anyone on the Internet:
• “About me” information in your description.
• Personal information such as interests, activities, and things you have set as favorites.
• Family information such as family members, relationship status, and what you are looking for.
• Education and work that includes where you went to school and where you work.
• Your photo albums. This includes any pictures you may have of your children in your profile.
• Posts you make such as status updates, links, notes, and anything else you may post.
That is quite a bit of information to share with people you don’t even know. Bet you didn’t know you were sharing all of this by default. It is highly recommended that you not follow Facebook’s advice and set stuff to “Everyone.” Instead change this information to “Friends.” You can even change some of this to “Friends of Friends.” Just make sure you don’t share info that you don’t want others knowing. And personal information such as address and phone number should never be included in your profile.
Now there are a few items that they have defaulted to Friends of Friends. Remember that this information is available to all of your friends and people they have made friends with. These items include
• Birthday
• Religious and political views. Don’t you think your family information may need to be more private than this?
• Photos and videos of you that you have been tagged in. You should allow tagging of yourself in these items anyway.
• Posts by your friends on your profile
The only item that is set to “Friends” is the information you post on your wall. This just doesn’t make a whole lot of sense. Why are your posts more important to keep private than your personal information that can be used for identity theft?
To change these privacy settings, you just need to go into your profile and select settings | privacy settings | personal information. That was just our personal privacy settings; we also have privacy settings for contact information, applications and Web sites, search, and block list.
For contact information, the default settings are as follows:
• IM Screen Name – Only Friends
• Mobile Phone – Only Friends
• Other Phone – Only Friends
• Current Address – Only Friends
• Web Site – Everyone
• Hometown – Friends of Friends
• Add me as a friend, allows you to control who can add you as a friend – Everyone
• Send me a message, allows you to control who can send you a message through Facebook – Everyone
• Personal e-mail address – Only Friends
This has to sound like a broken record by now; however, you must be cautious with whom you become friends. Sounds like our parents, doesn’t it? Look at the personal contact information they can get. It is more advisable to not even include such items as phone number and current address.
WARNING |
On December 9, 2009, Facebook announced a new transition tool that all users are required to use that created accounts before that date. This transition tool will allow users to change their policy to fit the new model. However, should you blindly accept the default settings of the tool, you will have lowered your privacy settings from the original defaults. Table 4.2 provides a comparison of some of the original defaults to the new recommended settings. |
This next item is of grave importance. We are talking about applications. You must understand how your information is shared with applications. Applications can get your information without you even using the application.
Applications can gather the following information without your permission:
• Information you have set to Everyone
• Name
• Profile picture
• Gender
• Current city
• Networks
• Friend list
This information is shared regardless. There is nothing you can do about it except not include the information in your profile. If an application requires more information, the application will request for it. After that point, it will have full access to the information. It is very important that you make sure to be selective on the applications you use. Applications are primary method of spreading malware and as attack vectors. They are also a means for attackers to gather large amounts of private information.
By navigating to settings | privacy settings | applications and Web sites, you will reach the application and Web sites privacy settings. On this page you can do the following:
• Learn what information is shared with applications, which we already covered.
• Control what information your friends share.
• Block applications from accessing your information. This allows you to block certain applications from accessing your information.
• Ignore application invites from specific friends. This allows you to block certain friends from sending you application invites.
A good security feature in Facebook is allowing you to control the information you share with friends. This section allows you to select and deselect information that you want to share. However, it is important to note that if you choose not to share certain information with friends, it will still be shared with applications. Figure 4.9 illustrates the default settings for this section.
The search section of privacy settings is an interesting one and not the one to be overlooked. In this section, you can choose who can search for you. By default it is set to “Everyone.” However, you can change that to one of the other settings. The item that you may overlook in the section is the “Allow” checkbox. It is checked by default. What is this mysterious checkbox, you ask? It is the checkbox that allows all of your public information and anything you have set to Everyone to be accessible by search engines. Bet you didn’t even know that was there. It is definitely suggested that you uncheck that box.
Finally, the last privacy setting we have to look at is the “Block List.” This section allows you to block specific people from interacting with you on Facebook. You would use this if you suspected an Evil Twin attack, an unethical person, or anyone you just may not want to deal with.
FIGURE 4.9
Default Information Sharing
At the end of the day, the social network sites are not going to protect us by default. Their business is to drive more people to their sites and they do this by being more visible. However, they have not left us out in the cold. They have provided us with tools to help us control our privacy to some extent. Notice we didn’t say “totally.” It is our responsibility to understand how to protect ourselves on these sites. This includes using their tools and not providing information we would want the world to know.
With this in mind, it is very highly recommended that you read the entire privacy policy of any social networking site you decide to use. The privacy policy for Facebook can be retrieved at http://www.facebook.com/policy.php. This policy contains the following sections:
1. Introduction
2. Information we receive
3. Information you share with third parties
4. How we use your information
5. How we share information
6. How you can view, change, or remove information
7. How we protect information
8. Other terms
It is guaranteed that you will find some information in this policy that you do not like. Some of these items include the fact that your photos and things you have done on the site are owned by Facebook. That means when you decide to leave and delete your account, your information is still going to be there. Remember it is your responsibility to know what you are getting yourself into.
However, a civil lawsuit was filed against Facebook in California in August of 2009. As reported by Computer Weekly at http://www.computerweekly.com/Articles/2009/08/19/237366/Privacy-lawsuit-filed-against-Facebook.htm, “Five Facebook users in California filed a civil lawsuit against the company…alleging that it violates privacy laws and misleads members.”2
The complaint alleged that Facebook had violated California and online privacy laws by sharing the personal information posted by users with third parties. The complaint also alleges that Facebook practices data mining and harvesting without letting the members know it is going on.
This is not the only lawsuit that has been filed against Facebook for privacy violations. PCWorld reported at http://www.pcworld.com/article/184029/facebook_halts_beacon_gives_95m
_to_settle_lawsuit.html, about a settlement that Facebook had agreed to about its Beacon program. The Beacon program allowed third-party Web sites to distribute “stories” about Facebook users. They settled by terminating the program and set up a $9.5 million fund for a nonprofit foundation that will support online privacy, safety, and security.
This just goes to show that people are getting tired of their information being shared without their knowledge. However, we do need to read these privacy policies and understand what information is being shared. If the site doesn’t disclose this information, don’t join the site.
EPIC FAIL |
There was an article published by The Globe and Mail at www.theglobeandmail.com/news/technology/article683881.ece that you should find interesting: A teen boy decided he was bored and wanted to try something new. So, he decided to impersonate one of his teachers on Facebook. The teacher had not strengthened the privacy settings and the student was able to gather enough information to create a profile with photo and biography. The teacher learned of this and turned it into the authorities. The authorities decided there was enough defaming information to press charges. The teen now faces charges of personation, which is a charge of impersonation with criminal intent. The teacher could have avoided this by better controlling what information they shared by excluding information and using Facebook’s privacy settings. |
Evil Twin attacks, or impersonation, is a growing avenue for attackers. It allows them to impersonate people and companies while using that profile for financial gain, defamation, cyber-bullying, physical crimes, and personal identifiable information gathering.
The implied trust people have in these sites have made them more vulnerable than ever. So, it makes total sense that these types of attacks are easy for people to fall victim to. A good majority of people blindly trust that people are who they say they are online. By accepting friendships blindly, we open ourselves and the ones we love up to a multitude of potential dangers.
We expect that the social network sites are going to protect us. Wake up and realize it is not currently their responsibility or business model to do that. Their business is to drive more revenue to their sites. How do they do this? Simple, by increasing the number of users on their sites. The more information you share on their sites makes it easier for people to find you. Then those people will come to their site, join, and then start using it. What tends to be forgotten is that with all this information available, we are not only attracting legit users, but we are attracting the bad people who want to take advantage of us. So, there is no wonder the social networking sites have taken the stance they have on privacy. With that in mind we need to take ownership for our privacy and make sure it is protected.
There are multiple measures we can protect ourselves, the ones we love, and the ones that write our paychecks: The first step is educating ourselves and the one’s we love. This means that we need to educated ourselves on the privacy policies of the sites we use. We need to understand what the different privacy settings mean and use them to limit our exposure. Do not, and we repeat, do not accept the default settings the sites provide you with. We can also cut down on the information we share. Think about it: would you share information about your children and where they go to school with a total stranger? Didn’t think so. Limit your children’s use of social networking sites. Remember they are vulnerable when they are on there. Children do not have the real-world experience – we do and will more blindly trust people. The most important thing to remember at the end of the day is that the information is ours and we can blame no one but ourselves for not protecting our information. Take the responsibility and protect yourself, the ones you love, and the one who writes your check.
1. http://www.switched.com/2010/01/11/facebooks-mark-zuckerberg-claims-privacy-is-dead/
2. http://www.computerweekly.com/Articles/2009/08/19/237366/Privacy-lawsuit-filed-against-Facebook.htm
