This is the third episode of the Social Media Security Podcast recorded October 23, 2009. This episode was hosted by Scott Wright, Tom Eston and Kevin Johnson. Below are the show notes, links to articles and news mentioned in the podcast:
- Tom and Scott talk about phishing on social networks. How can you tell the difference between a fake friend request and a real one? Here is a screen shot of a fake friend request and a real friend request. Just by looking at the email…it’s really hard to tell the difference isn’t it? The only way you can tell the difference is to look at the URL the link is going to by looking at the message source (code and/or mail header info). We advise you check your Facebook Inbox for legitimate friend requests, don’t click on friend request links in email.
- Tom gives a primer on Koobface. What is the Koobface worm and how does it spread? If you want to learn more about Koobface check out this very good paper created by TrendMicro on how Koobface works.
- Kevin gives a great non-technical overview of CSRF (Cross-site request forgery). Want to see a real CSRF attack demonstrating stealing private Facebook profile information? Check out this video and blog post. Here is the great talk by Jeremiah Grossman about exploiting business logic flaws that Tom mentioned.
- Interested to know more about CSRF? Check out Security Now! Episode 166.
- Are your protected tweets able to be searched by Google? Tom clarifies that this article was not true at all. However, there are some important things you need to know about protected tweets and why making your Twitter account private doesn’t buy you much.
- Due to popular demand we are going to try recording the podcast bi-weekly!
- Be sure to follow us on Twitter to stay up-to-date on all the latest news in the world of social media security!
Please send any show feedback to feedback [aT] socialmediasecurity.com or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast now in iTunes! Thanks for listening!