Saturday, May 22, 2010

Facebook: One stop shopping for identity theft

I've witnessed two camps emerging lately. On one side we have "I'm closing down my Facebook account", mostly driven by those who have been turned off by recent articles in Time and elsewhere about how easy it is to data-mine others' Facebook profiles. At the other end we have the "I'm not that private of a person, and anyone that wants to know what Grandma cooked us for dinner is fine by me..."

I'm somewhere in-between. I consider myself technically savvy enough to configure my profile privacy settings and watch Google alerts to see when my name surfaces on third-party sites. Recently I've watched friends post some fairly benign information, but in 2-3 clicks I realized they'd given away more than they'd realized.

Here are just a few things you might not have thought about when it comes to why you want to be a little more private and a little more guarded about what you share on-line.

How many of your web site security settings use 'secret questions'? Credit card companies, on-line e-mail services like Gmail/Yahoo/Hotmail, cell-phone companies, your company's self-service password reset tool, your 401k, your brokerage account - all of these typically employ 'personal information' type questions as part of an identity scheme.


  1. Mother's Maiden name - Want to find out someone's mother's maiden name? Look at Facebook, find their aunts/uncles/cousins. It's easy: that is the last name that's repeated second only to the person's own last name. (Even easier are those who friend their mother, who puts her maiden name in parentheses :-)
  2. Street you grew up on - When you look at the percentage of friends on Facebook that are from High School, you're already within the zip-code. Now you just think about who rode what bus and do a little Googling of their last name to see if their parents are still in the same house, and you're there. Many of my friends that didn't go to my high school list the high school they went to, so just surf around that high school on Google Maps and, for smaller towns, you'll find you are closer than you'd suspect.
  3. First Pet - Just browse those scanned-in childhood photos. Obviously not as common, but you'll be amazed what you'll find if you surf some of those albums.
  4. First Car - How about those famous "Notes" threads/chain-letters that go around from time to time? Heck, I think if you search my profile back far enough I even have a photo of it for you.
  5. Favorite Sports Team - Again, thank you Facebook for creating "Fan of" and "Groups" - it won't take long at all to identify their allegiance - that is, assuming that they didn't go to a Big-10 NCAA school and have a front license plate to give this one to you as a freebie.

So - What DO you do about this? I've discussed this with a few highly respected security folks that I know, and I'm starting to consider using an alternate persona for my on-line security. Someone that I know lots about. Just as an example - What if I were to answer Mother's Maiden with "Bouvier", Street I grew up on with "Evergreen Terrace", and First Pet with "Snowball"?

That's all for now. I gotta go update my Facebook status with the 3 digits off the back of my credit card.
-DS

Monday, April 5, 2010

Thank you Cisco !

After nearly 10 years with one of the greatest companies in the world, I've decided that Friday April 9th will be my last day with Cisco.  My departure is one which is based solely on my excitement around a unique opportunity that has presented itself.  I have nothing but the highest level of respect and admiration for all of those at Cisco whom I'm proud to call mentors and friends.  I continue to have the highest confidence that Cisco will be amazingly successful based upon their incredible leadership and the talent of individuals around the world.

Before I turn my attention to what awaits in the very near future, this week will be focused on ensuring that I wrap up or hand off existing projects and ensure that I'm able to stay in contact with so many of you in the future.

All my very best -
David
(dstafford@gmail.com)