[url=http://meincmagazine.com/civis/viewtopic.php?p=30190877#p30190877:2onlqsy8 said:
abend s0c0[/url]":2onlqsy8]It's too bad people can't live without their facebooks or tweeters. Social media - just say no.
In this case; we're actually seeing some possible evidence that people might be
safer if they open a fake Facebook account and use Facebook's authentication and monitoring services as a trip-wire to sound the alarm when someone is trying to attack their accounts/ steal information about them.
Unfortunately, most people (even in sensitive professions, doing sensitive work) apparently aren't smart enough to do that: they put real information on Facebook, and then fail to adequately secure their accounts/ machines/ etc. Unfortunately, Facebook constantly nags users for personal contact details "for account recovery purposes" etc. Unfortunately, the State Department's in-house security people/ procedures appear to be substantially less advanced/ spartan/ effective than those at Facebook.
The government should be knocking on the door of Facebook, and paying them consultation fees to share analysis and account protection techniques. The old "multilevel security" models (which all but prevent information flow from classified to public) are obsolete for some security purposes: we desperately need a more active culture of sharing security/ analysis techniques (we can still protect the actual information). We need an active exchange between government and private industry, particularly now that private software/ services industry is getting mature enough to sit at the same table as an equal partner, on the basis of technology.
Until we start doing these things, even a
real Facebook account with
real contact information might enhance the security of some people — by alerting them to a possible intrusion before it gets too deep and embedded. But this is of course still very debatable, given the way in which the Facebook intrusions helped facilitate further attacks with information garnered thereby.
