Some thoughts on infosec and social media

I posted the thought above on Twitter a couple nights ago.

Rereading it, I feel I need to expand upon my idea, because there are a couple motivators for the tweet. First, the tweet was not worded very well. It comes off as saying that people on Twitter are not as good as those not on Twitter. This wasn’t my intention. I think there are really good people both on and off Twitter. The idea is more about myself and evaluating whether or not I’d be a better infosec person if I were to stay off Twitter.

A majority of the people I work with on the security team are not on Twitter. All of them are really good at what they do. I know there are more of those types of people, because I’ve worked with others who are really good at what they do. Twitter is a very small subset of the people within the infosec field. I think it’s important that what is said and done on Twitter doesn’t necessarily reflect on the entire industry. I was also watching a YouTube video at the time of a buddy of mine who has a Twitter account, but doesn’t tweet a lot. He’s really smart and is doing some pretty amazing things in the field. I’ve wondered if I need to be spending more time being productive and less time on Twitter.

Twitter being just a small part of Twitter is also why I was a bit disappointed to hear that this year is DerbyCon’s last. I like to go to DerbyCon. I have a good time and I catch up with friends and make new ones. There’s a lot of positives to the conference. Unfortunately, there is also some drama, which gets amplified by Twitter. It’s draining on the conference organizers. I get it and I don’t have any ill feelings towards their decision. It’s their conference.

What I think it highlights to me is that sometimes we need to step out of our own little bubble and look around. Twitter, and social media, is our own little world. We create it and curate it to our beliefs and preferences. It can certainly be a useful tool for information, but it can also create our own bubble that consumes and drowns us.

The things that get our attention the most on social media are controversial. It’s frustrating and depressing. I take solace in the fact that there’s a larger world with those things but also a lot more good.



InfoSec fun links June 10, 2014

Alleged robber caught after trying to befriend his victim on Facebook - Lisa Vaas - Naked Security

Apparently, mugging someone and then trying to friend them on Facebook is the new thing for criminals. Not much else to say here, except /facepalm.

Secret Service Software Will 'Detect Sarcasm' Social Media Users - Aliya Sternstein - Nextgov

Humans can barely do this! Now some software is going to do it? Good luck with that.

14-year-old code crackers hack Winnipeg ATM - Doug Lunney - Toronto Sun

ATMs are notoriously insecure. Not only can skimmers be placed on them and 90% of them around the world are running Windows XP, but also default settings aren't being changed on them. Two teenagers found a manual online for an ATM machine that allowed them to get into the operator mode. The best part of the story is that when they went to the bank and informed the staff that they had done it, the staff didn't believe them. So they got permission to get proof and returned with six documents printed out from the operator mode. Only then did the staff take them seriously. Welcome to the world of security research, kids.

This post first appeared on Exploring Information Security.

Social media infosec links April 28, 2014

Don't share your location with your friends on WhatsApp - Paul Ducklin - Naked Security

WhatsApp is an instant messaging app that "allows you to exchange messages without having to pay for SMSes." Facebook recently acquired the app for $19 billion. With money like that you would assume that the app was solid from a security standpoint, except that it's not. Location information can be easily sniffed, without even needing to download the app. Just another reason why you shouldn't share your location information on social media.

5 essential tips for customer care people dealing with technical queries - Troy Hunt - troyhunt.com

There's a right way to do customer service on social media and a wrong way.

What A Teenage Facebook Update Can Teach your Business - Lee Munson - Security Watch

Father sues school for wrongful dismissal; father wins case; daughter goes on Facebook and brags about trip to Europe courtesy of school, ending with "SUCK IT."; school refuses to pay because of breach of secrecy agreement; school wins, father likely pissed. Lesson: oversharing on social media is a very bad idea and could cost you financially.
