More Useful Stuff
The test: We provided Robert Shimonski, a network security consultant (hacker for hire), with info pulled from a Men’s Health staffer’s Facebook profile.
Our anti-hero’s goal: to crack through to that poor sap’s sensitive personal information, data and accounts.
Shimonski barely broke a sweat. He researched the staff member, called his email provider, fudged through a series of security questions and then changed the password. From there, he could have scoured our guy’s email, scammed his friends or – well, we’re afraid to know.
Stay safe by keeping an eye on these loose ends.
Be selective about who can see you
On Facebook there are your friends, your acquaintances and your make-believe hot blondes. And while you may not think your status updates are security breaches, they add up to a lot of valuable information about you. So be strict: unless you know someone personally, block them from seeing most of your information.
Use smarter secret questions
A hacker doesn’t have to guess your password; just clicking on “forgot your password?” can expose your list of secret questions. “If your question is always your dog’s name, and your dog’s name is on your website – well, anybody can reset your password,” says Lorrie Faith Cranor, a professor of computer science at Carnegie Mellon University. If you can write your own questions, do it. If you can’t, provide answers that only you know. Better yet, invent fictional ones: pretend your first dog was Sir Wagzalot.
Don’t be electronically promiscuous
Be wary of signing into personal accounts on public computers, says Justin Brookman, director of the consumer privacy project at the Centre for Democracy & Technology in the States. “Someone could have installed tracking software on the machine or could come along later and see what you were doing.” And that goes for public Wi-Fi networks, too. “Your information is floating openly in the air,” Brookman says. If you must log into a personal account on an open network, be sure the Web address starts with “https” instead of “http.” The added “s” means the site uses SSL encryption to protect your privacy.