2/22/10

Security Axioms, Good, Old Stuff

It has been years since I published a list of Security Axioms on my web page. Note, I didn't write "My" security axioms. They are old, probably timeless, and too-often forgotten.

Bill Murray, in his Thinking About Security blog, mentions some that fit right in, in his post "Effective" Security.

2/21/10

Phishing and Phacebook Applications

Oops. Meant "Facebook."

Email messages about millions in contract money waiting to be paid to you for work you did years ago in Nigeria. Or an inheritance waiting for you because someone in Ghana heard about your Christian charity.

Most of us are smart enough to know that those are scams. (As I wrote in Internet Safety, "No widow in some foreign country has heard of what a kind-hearted, trustworthy person you are, no matter how kind-hearted and trustworthy you are." And, "Did you really do business in another country and forget that they still owed you $75,000?")

They feed on our greed and on our pride, right?

Facebook applications like these are similar:
  • "Who secretly thinks you are hot?"
  • "Who has blocked you?"
The first one... well, it is obvious why that might get our attention. The second... I don't know. What makes us interested in the answer to "Who secretly thinks I am an idiot, and talks behind my back?" Do you really want to know? No, I mean really?

Anyway, it doesn't matter why. What matters is that they do get attention. They are also prime candidates for applications that contain malware (things that trigger viruses, etc.).

My friends on Facebook should not take offense at this, but I do not add applications. I don't trust those applications. Also, I'd rather interact with you on Facebook with words rather than snowballs, pumpkins, or whatever.

No one will listen, but I recommend going into your Facebook and removing any Application you don't remember adding or whose purpose you don't understand. (I mean, what could happen? No more stray cows in your corn?)

(I assume you know what phishing is. The Wikipedia definition of phishing is good.)