Basically foursquare is a location-based social network.  Users load an app on their iPhones, Androids, or other phones. When they visit somewhere like a local restaurant or park, they “check-in” which then announces their presence at the location (and can then be broadcast on your twitter and Facebook profiles). 

Now, here’s the hook. 

    With the app, you can search for locations near you that other people are talking about and see tips they’ve left like “be sure to try the Bang Bang Shrimp at BoneFish in Bearden”.  At the most basic level, Foursquare is a centralized forum for local consumers to tell others about good places to eat, shop, and enjoy.  The idea for businesses is that your location could go “viral—meaning suddenly a lot of people could be coming through your doors because of the buzz being generated online.  Pretty neat idea.

    Because businesses want people coming through their doors a lot, business owners incentivize foursquare users for frequenting their stores.  Users get points for checking in and doing various activities, and they get badges (think Farmville awards) for various accomplishments.  The top foursquare users who visit any given location have the chance to be “mayor” of that spot.  The idea is that businesses would offer loyalty rewards to mayors like free or discounted products.  The natural extension for business owners is that it would generate competition among Fousquare users to earn discounts and drive them to participating stores and restaurants.  Knoxville’s Foursquare community is young but growing.  As a matter of fact, if you’re heading to the Healthy Living Expo at the Knoxville Convention Center, check-in to foursquare when you get there and you’ll get $2 off the admission price at the door!

    Obviously with technology like this there are certain security concerns.  Linking this to your various Twitter and Facebook accounts, while contributing to the “viral-ness” of the site, also subsequently could open you up to cyberstalking.  Users should definitely take  a step back and consider just how integrated they want this in their digital lives and how much information they want to be broadcasting before taking part.

Till next time!

– Dan Thompson

Just the Facts Ma’am

   Google has long been the king of the search engines, and you probably knew that Google had an image search… but now with Google Goggles, you can search images!  Let me explain.  If you’ve got an Android powered phone (and maybe more phones soon) you can download the Goggles application from the Android Marketplace and it will allow you to take pictures of things, and then do searches based on those pictures… meaning it can tell what it is you’ve taken a picture of.  As an example the company uses a picture taken of the Golden Gate bridge or the Eiffel Tower, and then the application returns search results of those landmarks; such as things of interest nearby, the history behind the location… you know, normal Google search goodness.  Other examples given by the company are pictures of a book which can yield things like the name and author and where you can buy it.  I’m particularly interested in this functionality because it could potentially allow you to walk into a store and ensure you’re getting the best deal on anything you’re buying.  Pretty cool stuff.

"Do you begin to see, then, what kind of world we are creating?”

    Call me crazy, but this is also a little scary.  Why?  Think “facial recognition”.  “But Dan”, you say “they’d have to have a HUGE database of images to pull that off!”  Let me paint this picture for you.  A short while ago Google announced that it had inked a deal with Facebook, MySpace, and Twitter that would allow them hooks into the respective sites to bolster their new real-time search functionality.  Now, on first go around the point of this integration is to allow you to get search results that show up-to-the-second results of what people are saying about what you’ve just searched for.  Type in a search about New Moon, and it’ll hand you back Twitter comments about New Moon as well as the usual links you’d expect from such a search.  But lets think about that for a second.  Facebook and MySpace… hmmm… at last count there were some 251 pictures of me tagged on Facebook (and who knows how many on MySpace… haven’t been to that site in AGES) of which depict about every imaginable angle of my face.  I have personally provided them with a database of pictures of myself, which I have verified are me by tagging myself in them.  So could Google expand it’s search to tap into that?  Why not!?

    Let’s take Facebook and MySpace out of the argument for just a second, and take a look at Google Profiles.  Google Profiles are something Google invented a while back to help manage your digital identity.  With the profile you can add links to all your websites, blogs, Twitter stream… anything you want… as well as places you’ve lived, worked, and gone to school.  Additionally, you can provide a picture (which by the way increases your “search-ability”) of yourself and link to your Flickr account… yet ANOTHER database of pictures.  All this to help you dictate what people find about you, when they search for you.  You have to be signed in to Google for it to display these results, but go ahead… search for my name… you’ll see my picture on the first page.  See where I’m going with all this?

   So how could something like this play out?  Let’s say you’re walking down the street with your phone and you snap a picture of someone walking by… Google Goggles, or some iteration of it, could feasibly instantly return to you the name of that person, where they are from, where they live now, their marital status, their political party affiliation, their birthday, their blogs, what the last 5 comments they made on Twitter were (which could possibly tell you where they just ate… or are headed to eat), who their friends are, and even people you may know in common.  YIKES!!  With all that information it’d be awfully easy for a crook to convince you that they know you, wouldn’t it?  Consider that our phones can know our exact location at any given moment with the built in GPS functionality and Google could combine that with the picture search for an even higher confidence level that the person you just searched for, is in fact the person Google is telling you they are because you’re standing in their home town and the place they work is just right down the street!  Holy CRAP! 

   It doesn’t stop there.  Google has a long history of creating super nice programming APIs for developers to tap into the neat tools they’ve created.  So if you wanted to, you can make your own program around something like Google Maps and essentially create your own version of Google Earth.  Now, Google Labs has yet to say whether or not they’ll be creating such an API, but if they do, it would be easy enough for Law Enforcement to tie in their own camera systems to this visual search engine and get a real-time feed of who is walking by their camera.  Creepy. (Oh.. don’t even get me started with where this could lead with Google hacking)

Delete Everything!

    Before anyone gets totally freaked out, lets calm down and realize that the only way this works is if we provide “the system” with the information it needs.  As of this writing, and in the foreseeable future, Google can only search that which is open to the world.  The good news is that, when used correctly, the new security features that Facebook is rolling out this week will allow you to decide at a granular level what is searchable… and what is not.  If you’ve got all your profiles set as securely as possible… you’ll definitely be limiting your search footprint.  Ultimately if you’re REALLY concerned about this, you should probably start deleting all your pictures, web pages, blogs, and Twitter accounts… like yesterday… but that might not even work (check out www.archive.org yep…still there!).

   So what do YOU think, am I just being paranoid?  I’d love to hear your feedback.  Oh, and remember… just because you’re paranoid, doesn’t mean they’re not out to get you!

– Dan Thompson

    I’ve had fun talking about the OS in BETA form (First Impressions and Introducing Win 7), but our work isn’t finished yet.  Stay tuned for articles in the near future discussing “XP Mode”, which I mention in today’s spot, as well as some insight to the deployment and management of the new operating system.

– Dan Thompson

– Dan Thompson

   Check out the full article here, and let us know what you think.  WBIR and techBLOGogy.net would love to hear your feedback.

– Dan Thompson

To share or not to share… that is the question

   Let me just throw this out there: The safest and most secure social networking profile is the one that doesn’t exist.  In a recent conversation I had with Martin Roesch, author of Snort and CTO of Sourcefire, he sad that “If you want to minimize your risks, then talking to anyone and sharing any information about yourself that has value is a bad idea but then, getting on a social network probably isn’t for you”.  You’re probably reading this article because you’d like to continue enjoying social networking site, we’ll move right along.

Passwords?  NO, Passphrases!

   I’ll spare you the greater passphrase lecture for later, but for now trust me that passphrases are more secure than passwords.  Instead of something like “Br549!” as a password, use something like “I like my cat his name is Bill.”  The idea is that by using a sentence the passphrase will inherently be longer, and thus harder to crack and harder to steal.  It also makes it easier to remember, so you’ll be less likely to write it down.  Here’s the problem though, only Facebook really supports them (good job guys).  MySpace limits your password to a maximum of 10 characters (come on, really?) and Twitter won’t let you use spaces in your passphrase.  So why have this conversation to begin with?  Well, for now at least you can make your Facebook password REALLY secure.  For the others, you’ll have to resort to good old fashioned complex passwords using upper and lower case letters, numbers, and special characters (Yeah, I know.. that’s a big giant fail whale).

To change your password in Facebook, hover over the Settings link in the upper right hand corner and choose Account Settings.  From there click the Change link out from the Password heading

Change your MySpace password by clicking the My Account button and choosing the Password link.  You’ll need to enter your current password, the new password, and then type out the Captcha letters in the image it shows.

To change your password on Twitter, click the Settings link and choose the Password tab.  You’ll again need to enter your current and new passwords.

You’re how old again?

   In my mind, the next step to protecting your identity online is totally removing your birth date from your profiles.  Publishing this information seems like a good idea because it lets your friends and family track your birthday better and it further identifies you to your friends. The problem is it further identifies you to your friends!  If we think about it, our birthday is used quite frequently as a means to authenticate us.  The last time you visited your doctor’s office they undoubtedly asked you your name and date of birth as soon as you walked through the door.  In addition to this, researchers at Carnegie-Mellon University recently discovered that they could guess your social security number simply by knowing the town you were born in (another common piece of information we share about ourselves) and the date you were born (click here for the full article).  You really don’t need further reasoning than that.  Just get rid of it. 

On Facebook, your birthday can be listed two different places.  One is the information panel on the side

…and the other is on the info page of your profile, under Basic Information 

You can actually make it disappear from both places simply by clicking the Edit Information button on the Info page and then choosing Don’t show my birthday in my profile from the dropdown listing.

While you’re at it, go ahead and change the birthday listed to something other than your real birthday.  This may seem like a bit of overkill, however a recent Facebook hack which allowed people who weren’t your friends to view your personal info (click here for the full article) reminds us that it’s best just to not have that information listed at all (yes, you may be surprised to find out that I wasn’t really born on Independence Day).

On MySpace this same operation is done by clicking the triangle next to the profile listing and then choosing Edit Profile.

Once there, click the Basic Info and edit away (this is done the same way regardless of if you’re using the original profile tool or the new Profile 2.0 setup).

Both Facebook and MySpace require that you’re at least 13 years of age for your profiles to be publically searchable (parents take note; it’s a common practice for children to say they’re older than they really are so it’s easier for their friends to find them online… it also makes it easier for “you know who” to find them as well) so keep that in mind when you’re making up a new birthday.

Twitter doesn’t even ask you to provide this information.

Yo Momma!

   Another feature of Facebook is the ability to list your family members.  This is can be done by either using the Family Members section of your Basic Info page or through add-on apps like the Family Tree App (more on these apps in a second).

As harmless as this may seem, it is a common practice for women to list their maiden name in their profiles.  By associating your children with yourself and listing your maiden name, we’ve given away a critical security question answer commonly used by credit card companies and home security companies.  You’ll note that more established online family tree websites, like ancestry.com, will hide all pertinent information about your relatives that are still living for this very reason.  Again, just get rid of it!  This is done by again editing your Info page and clicking “cancel relationship”.

Even if your children are not old enough to own credit cards yet, I’d still recommend doing this.  At this point it’s really hard to tell how long this information could possibly hang around (potentially forever), and at the end of the day it’s just not necessary for the social networking experience.  

Ummm… I’m sorry sir, but you’re not on the list.

   The next recommendation I’d make is that you consider making your profiles private.  This is somewhat of a site culture thing, so I won’t harp on this one too much.  The culture on Facebook is to have your profiles limited to only your friends.  MySpace is kind of in the middle with some people protecting their profiles and some people not, and your age really almost defines which of those camps you fall into.  Twitter on the other hand is arguably useless if you lock your profiles down, although I’ll add that with the influx of spam accounts people are slowly migrating in that direction.  With this in mind I would offer that if you choose to leave your profiles open for public viewing, remember that your profile is open for public viewing! Stating that you’re going to be out of town for the next two weeks probably isn’t the best idea (click here for an article on man who found this out the hard way).  It’s easy enough to use sites like anywho.com to combine your name and current city to come up with your street address.  Oh, and saying that you hate your boss is probably not a good idea either.  Employers are watching (click here for the full article). 

   If your profile is currently public and you’d like to make it private, here’s how it’s done.  In Facebook, hover over the Settings link in the upper right-hand corner and choose Privacy Settings.

On the next page, click the Profile link and you’ll be taken to a page that allows you to edit who can see your Basic and Contact Information.  On both of those pages, ensure that all are set to Only Friends.

Facebook has recently announced that it will be adding more granularity to its security settings in the near future.  This translates to potentially more confusion on how to keep your updates and posts private.  Check back to this site for updated information as soon as the changes are made.

   On MySpace this is accomplished by clicking the My Account button in the upper right hand corner and then clicking the Privacy link.  If you’re using the original profile type you’ll select Only My Friends Can View My Profile, however if you’re using the new Profile 2.0, you’ll need to select that for each category listed.

   On Twitter, click the Settings link in the upper right hand corner.  Scroll to the bottom of the Account tab and you’ll notice a check box that says Protect My Updates.  This will make your updates viewable only to those people who are following you, and will ask you to approve any new followers.

In addition to the note given about the fact that some of your previous updates could still be searchable, also take note that you’ll need to go through your current followers and block those that you don’t want to see your posts. 

It’s all about the apps man!

   The last thing I’ll mention is concerning Facebook apps.  I can’t tell you how many times I’ve been invited to join Mafia Wars on Facebook, and quite simply I’m just not interested.  What does this have to do with security?  We just don’t know who wrote these applications, and they all want direct access to your personal information.  To my knowledge nothing catastrophic has happened because of installed apps yet, but it seems to like an accident waiting to happen.  My advice: ignore the requests and don’t install add-ons.  If you’ve got a burning desire to install them, at the very least stick to the more widely known ones that have been around for a while.  For good measure, look at your current list of installed applications and see if there are some you can get rid of.  To accomplish this, click the Applications button in the bottom left hand corner of your Facebook page and choose Edit Applications.

From the Show dropdown box, choose Authorized

This will now present you with a page that lists all the applications that are authorized in your profile.  You may be surprised what you find.  To remove an application from your profile, click the X out from the application.  It will prompt you with a message asking if you’re sure, click Remove.

   So there you have it… at the very least a good start to protecting your identity while using social networking sites.  The ultimate goal is that you at least consider what it is you’re sharing with the greater internet community… and hopefully think twice before telling the world everything.

Be careful out there guys! =)

– Dan Thompson

– Dan Thompson

03:35:14 SCAMMER: Hey
03:35:26 Chris: sup
03:35:40 SCAMMER: How are you today
03:36:02 Chris: well my friend just died but other than that i’m okay
03:36:20 SCAMMER: Sorry about that
03:36:25 Chris: cancer
03:36:27 SCAMMER: Am in a deep sh** right now
03:36:33 Chris: hows that?
03:36:53 SCAMMER: I was mugged at gun point in london lastnight
03:37:00 Chris: first time?
03:37:09 SCAMMER: those muggers took my wallet and bank card from me
03:37:42 Chris: how much you need?
03:37:51 SCAMMER: am stuck here at the moment
03:38:03 SCAMMER: and i need help with my flight ticket back home
03:38:26 Chris: yeesh, not sure i have that kind of scratch
03:38:49 SCAMMER: I Was wondering if i could get a quick loan from you to complete my ticket fee
03:38:55 SCAMMER: $650
03:39:04 Chris: yeah i definitely dont have that
03:39:08 SCAMMER: I Would refund it back to you as soon as am back home
03:39:24 SCAMMER: How much can you afford to me as we speak
03:39:27 Chris: well
03:39:37 Chris: if you can wait 6 or 8 hours
03:39:51 Chris: me and [EX-COWORKER1] and maybe [EX-COWORKER2] can get that together
03:40:20 SCAMMER: My flight leaves london in less than some hours
03:40:32 SCAMMER: That is why i want to know how much you can afford
03:40:34 Chris: yeah i just paid $2100 in rent
03:41:15 SCAMMER: How much can you afford to me
03:41:18 SCAMMER: Now
03:41:23 Chris: maybe $200
03:41:29 Chris: hang on a sec
03:41:35 SCAMMER: Ok
03:43:18 Chris: is this a business trip?
03:43:35 SCAMMER: I Came here on vacation
03:43:57 SCAMMER: Can you make the it $300
03:44:13 Chris: not if i want to eat in the next couple of days
03:44:37 SCAMMER: i promise to refund it back to you as soon as am back home
03:45:04 SCAMMER: You can have the money to me through western union
03:46:07 Chris: what does [OLD ROOT PASSWD] mean to you
03:46:34 SCAMMER: am freaked out right now man
03:46:43 SCAMMER: so i can’t get what you mean by that
03:46:51 Chris: did you file a police report?
03:47:01 SCAMMER: Yeah
03:47:12 SCAMMER: But is not yielding result
03:47:36 SCAMMER: Cos i was asked to wait till three weeks time before i get my a** out of here
03:47:40 Chris: who is [OLD BOSS]
03:48:13 Chris: what is your flight number / carrier?
03:48:46 SCAMMER: It was in my wallet when those robbers came in
03:48:57 SCAMMER: so there absconded with my wallet
03:49:10 Chris: establish your identity
03:49:29 SCAMMER: SCAMMER
03:49:36 Chris: what’s your paypal addr?
03:49:49 SCAMMER: what do you need that for
03:50:09 Chris: don’t try to scam a scammer, son
03:50:25 SCAMMER: Really
03:51:17 Chris: i think we’re done here.
Changed status to Offline (03:51:21)

    Now how crazy is that?  Real-time chatting with someone who has stolen your friend’s login information and is now trying to get you to send him money.  From a scam perspective, my first reaction was “Wow, that’s not very efficient”, because it required one on one interaction with each of your victims… but after thinking about it further, this is how cons have traditionally played out!  After doing some quick Googling, turns out it’s working too!  Of the first four links I found after searching for “Facebook scam stuck in London” (yeah, they apparently haven’t bothered to update the city they’re stuck in), one had sent them $300.  Not too shabby… I mean if you’re into stealing other people’s money from them.

    So how does something like this happen?  Well, presumably Chris’ friend has fallen for one of the growing number of phishing scams on Facebook (this type of attack could just as easily take place on MySpace) and unknowingly provided these goons with his login credentials.  After that, it’s just a sit and wait game.  A friend pops online… you hit them up.

Think you would fall for this type of scam?  Let me know what you think.

– Dan Thompson

P.S. Special thanks to Chris for letting me steal his thunder a bit.  Good stuff!

In this interview I discuss computer hacking today and how that relates to viruses, as well as the latest virus to hit the headlines; the conficker virus. Check it out and let me know what you think… and of course, how you like the new format.

– Dan Thompson

— Dan Thompson