Archive for the ‘Web Security’ Category

Think you are safe? Think again!

Thursday, February 18th, 2010

Good news and bad news…the good news is that new ideas on how to connect and communicate are still coming…enhancements to Facebook, Google Buzz…lots of good ideas. The bad news is that folks seem to have forgotten that there are a lot of bad guys out there and you need to protect your social networks just as much as you need virus protection software for your PC and a firewall for your network.

Keep in mind that hacking has taken on a new strategy whereby the hacker gets in and keeps their presence quiet so that they can pick their opportunity to take advantage…no longer are they just attacking…hackers are in stealth mode and your social network is a great target. Also note that hackers post successes for others to read…so that when one gets in, the rest can follow.

Social networks are the new big “Greenfield” opportunity for hackers. People are forgetting that your network has a ton of info about you and a ton of info about your friends. I have been seeing reports of Facebook hacking scams where a hacker gets into your page, changes the password so that you cannot get in and then scams your friends by telling them you are trapped in some foreign country and need money. Your friends respond by sending you money…only problem is that you don’t get the money…the hacker does. Facebook has a form that must be filled out if your account has been compromised. Make sure that you know where to find it on their site as it might come in handy some day.

Other tips include limiting the info that is on your page…don’t have your complete birthday (just the month and date are good enough) and don’t put your full name or address or cell number on the page. Also watch out for information that you unwittingly include…such as your school’s name on a sweatshirt or a license plate on a car. Hackers are smart people…don’t forget that…and your friends already know how to get in touch with you. Also make sure that you review the privacy settings…don’t just go with the default.

Google Buzz…you have to love the notion of using your email list to automatically create your social network. I think that this is a great idea because the people that I email all the time are great candidates for my social network. Only problem is that my contacts could become publicly available. Don’t worry as Google is fixing the issue, but this is a great example of a well-meaning company making a mistake. Google is getting real serious about social networking and Buzz won’t be the last we hear from them.

So what is the bottom line…for me it is that you have to pay attention to the details and make sure your information is protected no matter where it is stored.

If your information is breached, don’t wait to act!

Friday, November 20th, 2009

Check out this MSNBC Article about consumer data breaches.

This article provides some disturbing facts about consumer inaction when notified of a data breach. Most interesting to the average consumer is the matrix towards the bottom of the article. It shows what type of data can be stolen, the types of fraud that can be perpetrated with each type of data & the steps that consumers can take to help themselves.

MACPA Partners with G.1440 to Provide Hacker Prevention

Thursday, September 24th, 2009

Great news! G.1440 partnered up with The Maryland Association of Certified Public Accountants (MACPA) to deliver web security solutions that current standards such as firewalls and anti-viruses cannot deliver.

Chris Howe, Director of Systems & Technology, states “Too many companies believe that their firewall, hosting company or even anti-virus software will protect them, but these vulnerabilities exist in the site code that is displayed on the web, and are not protected by network security measures.”

Over 90% of websites have security threats. Only 1% have a threat prevention plan. There is a clear solution that won’t interfere with your site, network, or operations, and security starts at around $1 a day.

Check out this article to learn more about the partnership.

Ameriprise Financial knew about serious security vulnerabilities – and did nothing

Monday, August 24th, 2009

Yesterday, The Register published an article detailing a scary story.

HolisticInfoSec.org found critical cross-site scripting (XSS) vulnerabilities on Ameriprise Financial’s website. The worst part is that HolisticInfoSec.org notified Ameriprise of the issues and was ignored for five months – leaving Ameriprise’s customer information vulnerable. The article can be read in full here: http://www.theregister.co.uk/2009/08/20/ameriprise_website_vulnerabilities/. The Consumerist (owned by Consumer Reports) also published an article about The Register’s story.

I find it a bit frustrating that any company within the financial industry would not be treating this type of vulnerability with the greatest of priority.

According to the article, Benjamin Pratt, VP of Public Communications, has stated that Ameriprise has addressed their web vulnerabilities.

“He said Ameriprise officials have no way of verifying that the bugs were reported as long ago as March, but in any event he said that there are no plans to review any of the mechanisms the company may have in place to receive notifications from the public about website vulnerabilities.”

Ameriprise customers have their finances in the hands of this company, yet the company downplays the importance of addressing website vulnerabilities, for whatever reason.

If your doctor downplayed the importance of avoiding cancer, you would be concerned, right?

Thousands of legitimate Web sites hacked over the weekend

Monday, July 6th, 2009

CIO.com is reporting the latest in one of the fastest growing trends facing our industry – web hacks.

According to the article, thousands of legitimate web sites were hacked over the weekend. Malicious scripts were inserted and legitimate organizations’ websites were taken over by criminals. The script re-routed users to a malicious site, which in turn downloaded and launched a multi-exploit hacker toolkit that perpetuated the problem.

This is just another reason why it’s imperative to know all of the scripts running on your site, as well as any vulnerabilities in your web software that leave it open to hacks. Even if you’re just a small business with a simple website – you could be part of an attack like this, and you could be on the hook for thousands of dollars in clean up costs.

That’s just not worth it – especially when monitoring starts at about a dollar a day.  Don’t be the next headline.
