February 16, 2009
Facebook Insecurity

This past weekend, I attended what I like to call a "writers conference." (It was RadCon -- an event more properly called a "science fiction convention," but I went there as a writer, so let me cling to my euphemisms, okay?)

During a lull in the conference, I should have been working on red-lining the page proofs I'd received for Swordplay, which contains a short story of mine ("Last Man Standing"). Instead, I decided to create an account on Facebook, as I'd alluded to earlier.

Once on Facebook, I found a near and dear friend of mine who had posted to her "Notes" section a response to a couple of questionnaires that seem to be making the rounds: "Twenty-Five Random Things About You" and "The Name Game", where you answer questions based upon factoids about yourself.

These seem like really fun games to play, and I want to play. I want old friends of mine to have a chance to catch up with some of the tidbits I've collected in my life over the years. I want my old friends to find me. I intend to find a way to share what I can with them.

BUT.

So many of these fun little games can pose a security risk. I don't mean like, "Oh, Betty Sue from first grade might find out that I've converted to Pastafarianism and now will use that information against me to spoil my relationships with our mutual friends from first grade who have since become religious fundamentalists." Rather, I mean, "Oh, I mentioned the name of my first pet, and that's the security question on my credit card accounts."

I've written a bit more extensively on the topic of "breaking and entering" into your identity using this kind of information. Please take a look at my previous blog post on the subject. But, let me repeat part of it here:

If someone wants to get at your online identity, your weakest link (and therefore your greatest vulnerability) is probably your security question.

Many online data warehouses will, if you "forgot your password", simply e-mail your password or a password-reset link to your e-mail address. As long as you have reasonably good control over your e-mail address, that's fine. But many online data warehouses will, instead, ask a security question (possibly even one that you have picked). Upon successfully answering the question, *anyone* can be given complete access to *your* online identity.

This is particularly problematic for AOL and the major blog networks, where the user ID is already public. If Johnny Badguy wants to hijack your blog on BlogJournal, and he knows (isn't it always a 'he'?) that your blog belongs to "Victim-American", then he already knows the login ID to use. When asked the security question, well... all he has to do is look it up on the web, no?

It's like this: Johnny Badguy types in your login ID and clicks on "I forgot my password." He is then asked, "What year did you graduate college?" He then searches your blog (or elsewhere on the internet, as appropriate) for any references to your age, deduces what year you probably graduated, and then he's in. "What's your mother's maiden name?" He looks for any references you may have made to your grandparents. "Where were you born?" Again, not usually all that hard to find the clues necessary to come up with the answer.

I've been meaning for some time now to post an essay about an old car I owned, but I know I used that as a security question/answer for something, and until I track down what it was, I'm reticent to share that online....

So, yeah. One of these days, I'll probably join y'all in the "Twenty-Five Random Facts About Me" game. But I strongly encourage you to make sure you are not sharing any information that you have used as the answer to a security question on any of your bank, credit, or online accounts.
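The check recommended above can be automated before you publish a list of personal facts. The following is an added example, not code from the original post: it scans a draft for word sequences that match your security answers. The sample answers, the draft text, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

def normalize(text):
    """Lowercase and split into words so "Mr. Whiskers!" matches "mr whiskers"."""
    return re.findall(r"[a-z0-9]+", text.lower())

def fingerprint(words, key):
    """Keyed digest of a word sequence; the stored table holds no plaintext answers."""
    return hmac.new(key, " ".join(words).encode(), hashlib.sha256).hexdigest()

def enroll(answers, key):
    """Map fingerprint -> (question label, answer length in words)."""
    table = {}
    for label, answer in answers.items():
        words = normalize(answer)
        if words:
            table[fingerprint(words, key)] = (label, len(words))
    return table

def find_leaks(draft, table, key):
    """Return the labels of questions whose answer appears verbatim in the draft."""
    words = normalize(draft)
    hits = set()
    for n in {length for _, length in table.values()}:
        # Slide a window of n words over the draft and look each one up.
        for i in range(len(words) - n + 1):
            entry = table.get(fingerprint(words[i:i + n], key))
            if entry:
                hits.add(entry[0])
    return sorted(hits)

# Constructed sample data. In real use the key is random and kept apart from the table.
KEY = b"constructed-demo-key"
TABLE = enroll({
    "first pet": "Mr. Whiskers",
    "college graduation year": "1994",
    "mother's maiden name": "Delacroix",
}, KEY)
DRAFT = """Twenty-Five Random Things About Me
3. My first cat, mr whiskers, hated baths.
7. I finished college in 1994.
12. I have converted to Pastafarianism."""

if __name__ == "__main__":
    for label in find_leaks(DRAFT, TABLE, KEY):
        print("Draft reveals the answer to:", label)
```

This catches only literal mentions. Clues from which an answer can be deduced, such as an age that implies a graduation year, still need a human read-through.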

By the way... will you be my friend?

Posted on February 16, 2009 11:32 PM in the following Department(s): Technology, Tidbits

 Comments

So instead of joining me in a rousing game of Scramble on facebook, you're raving about facebook insecurity?

Posted by: Grace on February 17, 2009 9:23 AM

Allan, would you mind if I copied and pasted the info about sharing info online for security reasons? I had never thought of this and am sure many of my friends haven't either.

Seeing the picture of your boys made me smile....they look like you when you were little. :-)

Kathy = your father's first cousin once removed or your grandfather's nephew's daughter. Kathy = someone who spoiled you when you were a baby.

Posted by: Kathy (Rousselle) Doehler on February 21, 2009 9:00 AM

Hi, Cousin!

Yes, I remember you (albeit only vaguely). And, hello again!

I'm honored that you've stumbled upon and read my site.

That said, in answer to your question below -- and thank you for asking, and for understanding the "intellectual property rights" aspect -- I do not mind if you copy and paste part of my essay about internet security concerns as long as you are kind enough to include the little note below:

"This essay excerpt is copyright (c) 2009 by Allan Rousselle, all rights reserved. The full essay was found at http://www.rousselle.com/allan/archives/000620.html"

Again, thank you for asking. I know that these days of the internet, many assume that once it's posted, it's all fair game (which it isn't).

Thanks also for the comment about my boys. They do strike me as much cuter versions of myself as a kid. They are *so* adorable. And yes, I'm biased, but if that's one of the by-products of love, I'll take it.

Regards,

--Allan

Posted by: Allan on February 21, 2009 10:34 AM

Copyright (c)1998 - 2010 by Allan Rousselle. All rights reserved, all wrongs reversed, all reservations righted, all right, already.