James Mayes

Posts Tagged ‘Sophos’

Blog: Secure your Twitter account – Spring cleaning time!

In Social Media, Twitter, Twitter Tips on March 2, 2011 at 1:11 pm

Once again, Twitter’s been hit by a few rogue applications over the last week.  The two that have caught me are MyTwitterDirectory and Time on Twitter.  Both require you to sign in with Twitter, and both immediately tweet on your behalf, without expressly asking your permission.  Whilst I haven’t checked the fine print, I’m pretty sure this goes against the spirit of the Twitter API terms of service, so I doubt they will be around for long.  In the meantime though, what should you do?

  1. Delete the offending tweet.  These things tweet in order to be visible to your followers and grow. By removing the tweet from your stream, you reduce the number of people likely to get caught. There’s more detailed explanation of this here, from security firm Sophos.
  2. Revoke the applications’ access.

The second part effectively removes the connection between your Twitter account and the app – so stops it doing anything in future. If you check, you’ll probably find you have a bunch of other apps you’ve authorised in the past and either forgot about or moved on from.

Use this as a good opportunity to do a Spring clean. First up, go to twitter.com and log in. Next, open up your account Settings menu. On “New Twitter” (bravely assuming you’ve all now made the transition!) the menu is in the top-right corner.

Once you’re in the Settings menu, you’ll have a series of options presented.  Choose Connections.

You’ll now have a list of all the apps which have authorised access to your Twitter account.  More than you thought, I’ll wager.  Underneath each, you’ll see the option to Revoke.  Click it for each app you wish to remove.

<UPDATE Oct 2011>> Layout is roughly the same, Connections is now renamed Applications.

Be careful at this point not to get over-zealous.  For example, you may not have a WordPress blog, but you might have authorised it to make it easier for you to comment on other people’s – you’ll therefore want to continue to allow that. Likewise, don’t inadvertently remove the app you use for access from your phone!

Hope this helps – feedback, as always, is most welcome.

Blog: Facebook’s latest privacy changes

In Facebook, Social Media on January 23, 2011 at 4:58 pm

You’ll be well aware, I’m sure, that Facebook is getting pretty adept at third-party app integration and mobile technology. They have apps for the major mobile operating systems and the integration between your Facebook friends and your own phone book is getting tighter all the time.

Facebook also continues to change the way in which it works with third-party developers. These range from the major online game builders such as Zynga (think Farmville), down to small (sometimes individual) developers. When you add an app to your Facebook account, you are required to accept certain terms – which vary depending on the app and the developer in question.

www.facebook.comFacebook has now allowed developers to request access to your personal address and phone number.

A spokeswoman for Facebook confirmed that developers could now get access to this detail, but that “you need to explicitly choose to share your data before any app or website can access it” – so the choice is yours. But how many of us read the details before accepting each app? What level of scrutiny to Facebook undertake on the developers who are allowed to ask for such information?

These and other questions resulted in Sophos (a well-reputed security firm) suggesting users remove addresses and phone numbers from their Facebook accounts immediately: “Shady app developers will find it easier than ever before to gather even more personal information from users”. www.sophos.comThe full advice page from Sophos can be found here.

The problem for me is simply that many people using Facebook don’t read the terms when they add an app to their profile. We’ve seen a link, we want to do something, we trust Facebook with huge amounts of personal data already, so click, click, click – it’s done.

Personally, my mobile number is pretty public so I don’t mind that. My home address is different though – so Facebook now just lists my home town. If you want to adjust or remove the information you have on Facebook, go to your Profile, click the Info tab (in the left hand column, just below your Profile picture), then scroll down to Contact Information – right at the bottom. You can then click the option to Edit.

Credit: My thanks to Wendy Jacob for the Sophos link on Facebook Best Practice link.

%d bloggers like this: