"Facebook, for example, handles login credentials
over SSL streams. "
Only if you intentionally add https to the URL.
Otherwise, you get the non-secure site by default.
Jennifer Leggio is at RSA Conference
Guest editorial by Branden Williams
Social networking sites as innocent as LinkedIn and as provocative as Twitter (have you seen my stream?) have now become a personal branding vehicle many professionals. Some of us have had the unfortunate experience of losing a job we barely had thanks to social networking. Others have seen it as the boost to their career they have been wanting for years. Let’s talk about security in the context of the latter.
When I moved my blog to a setup I administered, I made two commitments to myself. The first is that I would make frequent backups because there has yet to be a flawless content management system introduced to the market and I could only assume I would have some kind of security problem along the way. The second was that I would pay money to wrap my entire blog inside an SSL stream.
My primary goal with forcing all of the traffic through and SSL tunnel was to seamlessly provide a way for me to connect and administer the content from anywhere (like a coffee shop I frequent) without fear of my credentials being snooped. Like most of us out there, I’ve hacked together some security tricks that work 95% of the time, but require some attention when they break. I didn’t want to be fiddling with a broken SSL stream when I had an inspiration for the next pile of brain vomit for my blog.
While I realize that at some point in my life my site will probably be hacked (odds are NOT on my side here), I’d rather it be because of a software bug and not my credentials being stolen.
But what does that mean for those of us that choose to further build our brand and professional identity through other social networking sites like Twitter, Facebook, and LinkedIn?
Not only are strong passwords a requirement, but it is critical to ensure the sites you use take adequate precautions to protect your credentials during the login process. It’s one thing to log into a site that does not protect credentials when you are sitting on your couch, but it is entirely another problem when you are on the road trusting your hotel, coffee shop, pub, or airport to protect your credentials in-flight.
The hope for the hacked is the event only becomes an embarrassment. Many of the compromises I have seen are not taken seriously enough to tarnish someone’s reputation, even if it stands as a permanent embarrassment that the guy that had it happen to him. The more sophisticated attacks create significant cause for concern. If malware-laced links all the sudden started showing up on your social media stage, you may become part of a launch vehicle for malware. If you frequently post links to other sites or news items, the likelihood of a follower clicking a malicious link greatly increases.
What can you do? The first step is to make sure that you actually take password complexity seriously. There are too many tools available to create and securely store random passwords for these sites to claim that you can’t remember yet another password.
The second is to consciously be aware of which sites allow you to submit passwords in the clear. Facebook, for example, handles login credentials over SSL streams. What about your blog software? Be conscious of where and how you log into these sites.
Finally, check yourself out! Sure, you can do it in front of a mirror and do your own special version of Blue Steel, or more productively you can regularly review your social media sites and look for strange activity. If you run a blog, be sure your software is up to date, and regularly review it for hidden links.
Don’t be afraid to use these tools, but be aware of what can happen once you have a following. Protect your online persona just like you protect your physical one!
Branden Williams is the director of the security consulting practice at RSA, the security division of EMC. He is a published security author who regularly writes and consults on key security issues that impact today’s global business. Branden lives in Texas, loves BBQ, flying, and a great brewpub.
