Triona's Tech Tips

Facebook has introduced a FourSquare-like feature that allows you to share your immediate physical location with your friends. Unfortunately, it defaults into sharing this information whether you want it to or not.

This feature has sparked a new round of debates over Facebook privacy, with the ACLU of Northern California issuing a statement saying, “In the world of Facebook Places, ‘no’ is unfortunately not an option.”

Facebook Places allows you to share your location with the click of a button, which works particularly well with smart phones and other mobile devices. However, even if you don’t post a location yourself, a friend could still tag you with location information which would then be visible to others. Unless you intend to use Facebook Places, I encourage you to disable it. Facebook says they have made it easy to do so, but the process seems non-intuitive.

• First, go to Account, then Privacy Settings in the upper right hand corner. Click the “Customize Settings” link. Under “Things I Share,” change “Places I check in” to “Only me” and uncheck the Enable box for “Include me in ‘People Here Now’ after I check in.” Under “Things Others Share,” change “Friends can check me in to Places” to Disabled.

• Go to Account, Privacy Settings and click “Edit my settings” under “Applications and Web sites” at the bottom of the screen. Next to “Info accessible through your friends,” click “edit settings” and uncheck “Places I’ve Visited.”

I also suggest that you do not set your account permissions to Everyone, as it leaves your information wide open. In the computer security world we advise that security settings always default to maximum rather than minimum, a policy I wish Facebook would follow.

You’ll have to take your Facebook security into your own hands by routinely reviewing your Privacy Settings, because they may change as Facebook introduces new features or upgrades old ones. And remember, privacy on the Internet is a meaningless term. Expect that anything you post on Facebook or elsewhere can be revealed, and don’t say anything that you don’t want to be public knowledge.

Each year I give parents a roundup of the best parental control software on the market.

Parental control software offers automatic blocking of inappropriate sites as well as content and image filtering. You can schedule when the Internet is available to your kids, log instant messages, keep tabs on social networking sites like Facebook and MySpace, and monitor mobile communications. New to parental control software is the ability to protect from cyberbullying.

I continue to like SafeEyes, available for Windows and Mac. NetNanny and CyberPatrol have also been upgraded with new features. While Windows and Mac offer built-in parental controls, as do many security suites, they are no substitute for a dedicated program.

Hardware parental controls are physical devices that sit between your home network and the Internet. At this point there are none I recommend because they slow down your network and can easily be removed by wily kids. However, you can configure some home routers to perform certain parental control functions like content filtering.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

If you get an email from Facebook saying there is a message for you, do NOT click on the link. Visit Facebook’s site directly instead to respond to any and all messages.

Like the Facebook update scam I dissected for you a few months ago, this latest scam tries to trick you into clicking a potentially malicious link by mimicking a legitimate Facebook message. Take a look at this screenshot and compare it to the Facebook update scam. You’ll see similarities, including the use of Facebook formatting and logo as well as a legitimate-looking link. However, the link actually redirects you to a malicious site. The site on this particular message has already been blocked as being harmful; it probably belongs to some innocent victim whose web site was hacked to deliver viruses or harvest passwords a la the Twitter DM worm. But there are plenty of other phony sites out there that may not have been blocked.

In my case I was alerted to the scam because I’d never heard of the people from whom the messages were purportedly sent, but that’s not a foolproof way to tell if a message is fake or not. Facebook accounts can be hacked, and false messages sent. This grants the fake messages an undeserved level of trust because they come from someone you know–and that’s the point. Cybercriminals know people are unlikely to click on unsolicited links and far more likely to click on something sent by someone they know. The best way, as I said, is to distrust all email links no matter who they’re from. You are far safer visiting the Facebook site directly and checking your messages from there.

We’ve talked before about Facebook privacy, or lack thereof. Facebook is facing such public scrutiny over privacy, it’s hard to keep up with the number of changes they’ve made. They’ve expounded upon their improvements to news media and set up a page dedicated to privacy. But given the popularity of social networking sites and the multitude of ways they can be exploited to trick unwary users, I expect privacy will remain an issue for some time to come.

Many people believe the illusion of privacy offered by social networking sites. They think they are conversing in a private setting, when in reality that information can easily end up on search engines and other public places. Google and other search engines routinely index data from Facebook and other social networking sites, and data can slip through even if your privacy settings are set to maximum.

Security also remains a concern for Facebook users. Clickjacking–tricking users into clicking links–has become so prevalent on Facebook it’s earned its own term: “likejacking.” A recent worm using link-bait such as “The Prom Dress That Got This Girl Suspended From School” has infected hundreds of thousands of Facebook users. Clicking the link marks it as “like” to your Facebook friends, giving it unwarranted credibility and helping to spread the worm. Worms like this may also attempt to gain control of your Facebook page or use malicious code to introduce viruses into your computer. Other scams use recent events like the World Cup to entice you into clicking links that purportedly go to video clips. You are then prompted to download software to view the videos, but the downloads are viruses. All those links that claim you will get X number of goodies for Farmville or other games are mostly scams. Criminals may even try to “friend” you from phony accounts so they can target you for burglaries and other crimes.

In other words, social networking sites are about as secure as sieves. What’s a Facebook user to do? My advice is to remember that anything you say on the Internet is public, regardless of your privacy settings. Don’t post information about your children, your vacation plans, or other information than could be used against you. Be wary when clicking on links, and make sure you have a good security suite that is continually updated. And, as always, stay tuned to Tech Tips for the latest computer news.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Social media sites like LinkedIn, Facebook and Twitter are widely used, but they can also take a big chunk out of your day. How can you manage your social media time?

1) Schedule when you’re going to use social media sites, then stick to it. If you limit your time to, say, a half hour every morning or an hour twice a week, you’ll get more out of your time online plus save room for the other things you need to do.

2) Integrate your efforts by using tools that let you send a single post to multiple places. For example, you might use LinkedIn’s Twitter feature to automatically post your LinkedIn status to your Twitter account.

3) Avoid chat, games and other timewasters. Tempting as they are, they cheat you out of productive time. Games in particular can also be venues for viruses. If you must play games, look for those that let you choose when to play, like card games, as opposed to those that penalize you for not using them regularly, like Farmville. And avoid groups that claim you’ll get X number of game goodies if you join–again, most of those are laden with viruses.

Subscribe free to Tech Tips and receive bonus tips, tricks and product reviews. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Don’t miss my upcoming seminars on social networking:

Marketing Your Business Through Blogs And Facebook (Beginner)
GLMV Chamber Of Commerce Munch & Learn
Wednesday, June 16, 2010, 12:00pm-1:00pm
GLMV Chamber Office, 1123 S. Milwaukee Ave, Libertyville, Illinois

See below for the advanced session of this class at the GLMV Chamber Best Practices B2B EXPO & Conference on June 23rd.

Discover how to market your business online by leveraging the power of blogs and Facebook. Learn how to set up your Facebook profile or fan page, how to create and maintain a business blog, and how to integrate the two to offer a comprehensive online presence. Computers are not required but you may bring a laptop for hands-on instruction. To register, contact the GLMV Chamber at (847) 680-0750.

Marketing Your Business Through Blogs And Facebook (Advanced)
GLMV Chamber Best Practices B2B EXPO & Conference
Wednesday, June 23, 2010, 2:15pm-3:00pm
Doubletree Hotel, 510 East IL Route 83, Mundelein, Illinois

This is a more advanced session and followup to the previous Munch & Learn seminar on June 16th.

Discover how to market your business online by leveraging the power of blogs and Facebook. Learn how to set up your Facebook profile or fan page, how to create and maintain a business blog, and how to integrate the two to offer a comprehensive online presence. Computers are not required but you may bring a laptop for hands-on instruction. To register, contact the GLMV Chamber at (847) 680-0750.

Basic Social Networking
Crystal Lake Chamber Of Commerce Business Builder Breakfast
Friday, July 16, 2010, 8:30am-10:00am
Crystal Lake Chamber, 427 W. Virginia St, Crystal Lake, Illinois

See below for the advanced session of this class.

Have you been asked to get LinkedIn? Can you make contacts through Facebook? Should you Twitter your business? Learn how to use social networking to market your business. We’ll talk about which sites are right for you, how to establish your profile and how to integrate social networking into your marketing strategy. To register, contact the Crystal Lake Chamber at (815) 459-1300.

Advanced Social Networking
Crystal Lake Chamber Of Commerce Business Builder Breakfast
Friday, August 6, 2010, 8:30am-10:00am
Crystal Lake Chamber, 427 W. Virginia St, Crystal Lake, Illinois

See above for the beginner session of this class.

Now that you understand the basics of social networking, let’s delve deeper into how this new technology can help your business. We’ll talk about the advanced features of social networking and how you can use integration tools to save time. To register, contact the Crystal Lake Chamber at (815) 459-1300.

A recent wave of viruses that propagate via Skype and Yahoo Messenger illustrate the principles of social engineering: how viruses bypass security precautions by tricking you into letting them in.

The Skype and Yahoo Messenger worms distribute themselves via messages like  “Does my new hairstyle look good? bad? perfect?” and “My printer is about to be thrown through a window if this pic won’t come our right. You see anything wrong with it?” The accompanying link appears to point to an innocent jpg, but when you click on it you are actually running the worm.

Don’t confuse social engineering with social networking. Social networking means interactive Web 2.0 sites like Facebook, MySpace, LinkedIn and Twitter. Social engineering is the art of tricking you into installing viruses or malware on your computer. PC and Mac users alike can be drawn in by social engineering scams.

Social engineering is a common tactic used by viruses and malware. The Twitter worm we discussed in February uses direct messages to entice users into visiting a pseudo-Twitter login page that harvests login credentials. Scams like the faux Facebook Update arrive via email, and contain links to malicious web sites. Rogue antivirus software is all about social engineering: make users think their computers are infected with viruses that can only be removed by purchasing the fake software.

How do you avoid social engineering scams?

• Links can look legitimate when they’re not. For example, I can spoof a link that says: http://support.microsoft.com. Now, before you click that, mouse over it without clicking and look at the status bar at the bottom of your web browser. (If you don’t see the status bar, go to the View menu and make sure Status Bar is checked. It may be under the Toolbars sub-menu.) You’ll note that the status bar reveals the true destination. In this case I used a safe example: my Tech Tips blog. But you can see how links can easily be redirected. The status bar trick works in email, too. It’s not foolproof (the status bar contents can be spoofed as well), but it is a good place to start.
• If you get a message from someone, try doing a web search on the text of the message to see if it’s a known scam. For example, with the Skype and Yahoo Messenger trick, a quick search for “Does my new hairstyle look good? bad? perfect?” reveals news of the worm, especially if you pair the search with the word “virus.”
• Don’t let your software protections lull you into a false sense of security. Yes, you need to run good security software and keep it up to date, but the point of social engineering is to get you to click, thus bypassing your protections.
• And, as always: when in doubt, don’t click.

Don’t forget, if you subscribe to my Tech Tips email newsletter you’ll receive tips like these, plus tech support tricks and other ways you can get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

VeriSign iDefense has discovered a hacker selling 1.5 million hacked Facebook profiles for sale on the black market. The profiles are going for $25 for 1,000 profiles with under 10 contacts, and $45 for 1,000 profiles with more than 10 contacts.

Why sell profiles? As you can see from the pricing, it’s all about the contacts. Hacked profiles give criminals the ability to advertise to trusting users. If you get a message from a Facebook friend telling you to click a link, you are more likely to do so than if you get an anonymous spam message in your email. This is what we call spear phishing, targeted campaigns that appear to be from trusted sources. Buy profiles for cheap, trick people into clicking on malicious links or buying junk like rogue antivirus software, and voila! the criminals rake in the profits.

Hacked profiles can also be used to harvest your personal information to crack security questions for juicier targets like your bank accounts. Many people falsely consider Facebook a private environment and post all sorts of information about themselves, their families and their backgrounds. If you post a cute picture of your dog Rover and the security question for your bank is “What is your dog’s name?” you’ve just given away important information.

Likely there are more than 1.5 million Facebook profiles for sale out there. Also for sale are LinkedIn and Twitter accounts, email usernames and passwords, and la creme de la creme, bank accounts and passwords. Even your computer’s processing power can be bought and sold under your nose. It’s a whole underground economy taking advantage of you.

How can you protect yourself? Strong passwords that are unique on every system, good quality security software, and common sense before clicking links. I also encourage you to avoid posting personal information on places like Facebook, be careful of the friend requests you accept, and adjust your privacy settings to maximum. Even so, plenty of people who follow all the rules fall victim. The scams get trickier and more difficult to expose. It’s important to stay educated about computer security, which is why you should subscribe to my free Tech Tips newsletter to keep on top of the latest news.

My tech column in today’s Northwest Herald is about how to protect your passwords and your privacy on the Internet. Remember, to create strong passwords:

• 6 to 12 characters in length
• Mix of lower- and uppercase letters and numbers
• Symbols if allowed
• Not easily identifiable (your spouse, your kids, your dog)
• Create a passphrase
  • fourscore and seven years ago = 4Score&7Yrs (don’t use this one!)
• Different password for every account
• Change your passwords regularly, at least every 3 months
• Don’t re-use or cycle through the same set of passwords
• You can write them down, but keep them in a safe place

No one is immune to having their accounts compromised, and weak passwords are often the method. So take some time this weekend to secure your world by setting strong, unique passwords for all of your accounts.

Here are links to the resources I mentioned in the article (they’re all free):

• About the Twitter worm
• KeePass password manager, available for Windows, Mac, and smart phones
• ExpandURL for expanding shortened links
• McAfee SiteAdvisor
  • and, in a similar vein, LinkExtend for Firefox

If you found this information helpful, sign up for my free Tech Tips newsletter and continue to learn how to get the most out of your PC or Mac computer. Click here to subscribe or send email to techtips-request-at-guidryconsulting-dot-com, subject “subscribe”.

Next week I’m offering free previews of my Social Networking and Internet Safety For Kids classes with the Cary Park District. The free preview of Social Networking will be held Thursday, February 4th, 2010 from 9:00am-9:30am at the Park District Community Center, 255 Briargate Rd. in Cary, Illinois. The free preview of Internet Safety For Kids will be held Saturday, February 6th, 2010 from 9:00am-9:30am. Registration is not required for these free previews. For more information or to register for the full classes, contact the Cary Park District at (847) 639-6100 or www.carypark.com.

Click here to see the other computer classes I have available. If you are interested in a class but don’t see it here, contact me. With enough interest I can set up additional sessions of any of my classes. I can also work with you one-on-one.

Social Networking
Sponsored by the Cary Park District
Next session TBA

Have you been asked to get LinkedIn? Can you make business contacts through Facebook or MySpace? Should you Twitter your business? Learn the answers to these questions and more. Computers are not required, but you may bring a laptop for hands-on instruction.

Internet Safety For Kids And Tweens (ages 5 years-adult)
Sponsored by the Cary Park District
Monday, February 15, 2010, 9:30am-10:30am

Learn how kids can use the Internet safely by covering age-appropriate skills and talking about online stranger danger. Review basic skills, talk about ways to use technology with less risk and take a quiz to test your knowledge. Parents are welcome to enroll in this program with their kids. Computers are not required, but you may bring a laptop for hands-on instruction.