We have been warning for a long time of the issue of adding our personal information to any social network. I use them by myself (Facebook, LinkedIn, etc.) and I’m surprised at the amount of personal information that my contacts have there, even more surprised when more than the 90% of my contacts work in security related companies -yes, that means that my social life sucks, I know 😉
Social networks are also a good communication tool, just a few days ago we could see how the Queenstown police arrested a man thanks to Facefook. But things are not black or white, and when the mankind is involved you can also see the dark side. In September 2008 we could see some news reports about terrorist using Facebook to kidnap Israeli soldiers.
But we don’t need to go that far. There is another major issue: people are lazy, we don’t want to have complex passwords that we can’t remember, nor to have a different password for each application; so people just choose an easy to remember password or just create passwords consisting of some of their own personal information, using their birthday, wife/husband name, hometown, etc. Last week 4 people were arrested for blackmailing Spanish singer David Bisbal. Basically they had got into his mail account and used the information stored there. The head of the gang, psychologist, was able to figure out his password after studying all the personal information of the singer that can be obtained from the Internet.
We do not usually have that kind of information about ourselves available for our friends, but we have it on Facebook and similar networks. They are only visible to our friends (we should redefine the word “friend” in a social network enviroment, but I won’t talk about it here). I have not tried (and won’t) to figure out my friends passwords, but I could do it and I’m sure it would work in many cases. And what happens if one of our friend’s accounts gets hacked, is that whoever it is will have access to all his friends info… scary at least.
So please, just follow some basic recommendations:
• Use common sense.
• Restrict viewing of your details to trusted persons.
• Don’t publish your full birth date.
• Don’t reveal your e-mail, phone number or postal address.
• Ignore unsolicited requests to be friends or group membership from unknown people.
• Use different passwords, and change them periodically.
Finally, you can take a look at this list, containing a list of the Top 500 worst passwords of all times, taken from the book Perfect Password (Mark Burnett, 2005). I miss some passwords in this list, as “guest”, “admin” or “backup”, but it is useful so that you can know which ones you shouldn’t choose.