Wednesday, August 18, 2010

Facebook Dislike Button Scam

All you overly paranoid Infosec people who scoff at the slightest hint of risk taking can just take a chill pill right now. It'll take you a few years to learn--and I hope you do learn for the sake of the companies you're supposed to be protecting--that there's no place for ultra paranoia in the business world. Maybe I'll explain that in another post.

I bring up this point because I can just hear some infosec folks sniffing arrogantly when I admit that I use Facebook. Well, guess what, I am balancing risk versus benefit, something those sniffly infosec people should try sometime.

There are risks I'm taking using Facebook and, in fact, I did get partially snookered by the Facebook Dislike Button Scam, in that I clicked "like" when I saw the thing. I didn't actually use it. And I'd like to believe that if I had, I'd have gotten suspicious of it trying to do a survey and I would have disallowed access to it in the end.

Guess what, social engineering works beautifully, even occasionally on an infosec pro. There's no way to reliably patch wetware against it.

The best we can do is achieve a reasonable, helpful level of paranoia that prevents us from doing overly stupid things.

Then hope the rest of our technology defenses protect us from our slightly stupid mistakes.

