Losing face Published Oct. 5, 2010 By 1st Lt. Lori Granger 21st Communications Squadron PETERSON AIR FORCE BASE, Colo. -- Facebook, as the fanfare hails, is the modern way to keep in contact with family and friends; a life saver for that new Airman who's never been away from home; a convenient way to stay in touch with old co-workers, supervisors, and professional contacts. Essentially, the networking tool for the 21st century. As history shows, military technocrats have discussed the dicey topic of social media for quite some time. Given the military edge, sometimes we may think we're informed on all the dangers and pitfalls of online social networks. We check our security settings on a regular basis. We max out our privacy settings. We don't post our personal identifying information, such as our phone numbers, our birth date or our home address. We even think twice before posting our status updates enlightened that we could reveal sensitive information. As it asks, "what's on your mind?" The response: "I'm on vacation in Vegas, baby!!!" I.e.; tip to hacking thieves: "my house is empty. Come steal the new Harley I posted as my profile picture--it's really expensive." So the question remains, have all our efforts in educating users to keep their online information safe given us a false sense of security? Are our pictures, our wall postings and user accounts still at risk? Even after we've taken all the necessary steps to secure our accounts? Yes they are. The easiest, yet most notorious methods involve psychological trickery to deceive users into revealing information. We know them as phishing attempts and social engineering. Yet there are other methods used to access accounts. To test our security muscles even further, let's take a look at other exploits on Facebook. Password Stealing This strategy involves hacking e-mail account passwords, particularly the ones used to access Facebook. Using readily available password cracking software, intruders can easily hack the password on e-mail accounts, then using the "forgot password" feature, retrieve our Facebook passwords. Solution: Protect e-mail accounts with a strong passwords. Security Question Detective What about the security questions we use to protect our Facebook passwords? Is it possible that someone might know the answers to our security questions simply by viewing information we haven't secured? It happens more often than some think. Wall posts, photo captions, or even seemingly harmless small talk, can potentially reveal those critical bits of information needed to access our information and "steal our face." Keylogging Other stealthy methods for accessing Facebook accounts includes keylogging. Here, a program is remotely installed on our computers that records keystrokes as a user types. Ensuring anti-spyware is up to date with increased security privileges can help reduce the chances a keylogger can access your system. Sniffing Sniffing tools allow someone to view anything we type on an unsecured wireless connection. Similar to keylogging, a sniffing program doesn't have to be installed at a remote location. Consider this a wire tap. You never know who's listening on the coffee shop net. A Facebook application that collects information from our accounts or brute force hacking against Facebook itself are also potential doorways for a would-be identity thief. Bottom Line Many of the above hacking techniques are undetectable so there's no real technical antidote. Instead, the best mitigation technique is not revealing key information or "story telling" information from the start. Play devil's advocate with yourself or friends. Could you figure out more about a person by connecting the dots on your Facebook account? So now you're aware. With an expanded awareness and detective mentality, the technology of today's premier social network sites can be used safely where you save face, and thieves lose to identity theft.