The Smell Test (by Paul W. Smith)
Capture packets with a standard Windows tool (by Paul Offord)

Check Your Social Media Security Settings (by Tony Fortunato)

Review your social media security

In the wake of current security issues, I thought it would be a good exercise to review my social media security and application settings.

To be honest, I have only heard of such an exercise but never actually done it.

Yahoo:

I started with Yahoo since it was in the recent news. I was surprised how simple it was.  I simply clicked on my account avatar and selected the only option, “Account Info”. 

Once there, I clicked on “Recent activity” and reviewed what devices accessed my account and from where. A quick glance at the recent activity revealed nothing suspicious confirming that all is well.

I moved on to review the various apps or sites that I have used my yahoo login to access. I honestly don’t remember authorizing Google and can’t figure out why I authorized it back in 2012, so I removed it. 

I give Yahoo credit for their reports that report ‘last used’ and location which I used to validate the application or site in question. Since I travel quite a bit, that little tidbit was extremely helpful.

Be careful with what you play with. A good example was when I disabled the “Allow apps that use less secure sign in” option and my Outlook suddenly failed when trying to retrieve emails from my Yahoo email.  Oops..

Linkedin:

With Linkedin, I put my cursor over my account image and chose Privacy and Settings and then clicked on Third Parties.

I didn’t find the same level of information compared to Yahoo, but the items were pretty obvious to me. I noticed that I had some applications and sites that I tested a few years ago, but don’t use anymore and removed 5 of them

Google

Google was very easy to configure and detailed with its reports. Click on your Google avatar and choose My Account.

 I selected Device activity & notifications, reviewed the Recent security events and determined all was well.

I moved on to Recently used devices to ensure that I recognized the devices listed. Having the last accessed reference was very helpful. I was quite surprised how many devices I had that used my Google login. I wish there was way to delete old devices to make the list a bit smaller or rename them.

Then I checked the APPS or sites that have authorized access to my Google account and removed many that are not familiar to me or not used anymore.

Facebook

Lastly, I went to my Facebook account settings and selected Apps to see which websites or apps I logged in with my Facebook credentials. As with other sites, I removed sites that I no longer use or recognize.

I took the process of logging in with my social media account for granted, not to mention that when sites request access, they may have access to more than you expected.

Lets look at Discus as an example.

Discus will receive your public profile, friend list and email address by default. Most sites, allow you to edit those defaults.

In this case, you can disable Email address and Friend List.

In summary, I would strongly suggest you check you social media security account details and read the screen before accepting the defaults when allowing the site to use your social media account.

 

 

Continue reading other LoveMyTool posts by Tony Fortunato »

Comments