New DOD policy on Social Networking.
How long will it last???

http://socialmedia.defense.gov/index.php/2010/02/26/dod-official-policy-on-n
ewsocial-media/#more-648

As a result, you now have the US Navy posting ship movements and operational information on Facebook...

Idiots.

http://www.facebook.com/profile.php?id=778463185#!/posted.php?id=74281347822&share_id=332745463603&comments=1#s332745463603 (http://www.facebook.com/profile.php?id=778463185#%21/posted.php?id=74281347822&share_id=332745463603&comments=1#s332745463603)

When I was at my previous organization sitting in a SCIF I could log onto Facebook (and "the game that shall not be mentioned on SOCNET") and 98% of information there was classified TS.

Sitting here at the Dept of Education 2 months later I can't get shit, not Facebook, not T...., hardly anything at all.

Struck me as pretty damned strange.

The VA opened Facebook and Twitter several months ago. What I REALLY find scary is that DOD seems to be following behind the VA in lot of IT security stuff.

Starting to see instances of the problem already....

Israeli raid called off after Facebook slip

JERUSALEM – The Israeli military says a planned raid on a West Bank village was called off after an Israeli soldier disclosed its details online.

The military says the combat soldier posted the time and location of the raid on his Facebook page saying that troops were planning on "cleaning up" the village.

Fellow soldiers reported the leak to military authorities, who called off the raid fearing that the information may have reached hostile groups. The soldier was court-martialed and sentenced to 10 days in prison.

The military's statement Wednesday added that it is cracking down on soldiers' use of social networking Web sites and has launched a campaign warning of the dangers of sharing military classified information online.

From http://news.yahoo.com/s/ap/20100303/ap_on_re_mi_ea/ml_israel_facebook_fiasco

Banning these idiots from posting sensitive info on these sites is very prudent. They obviously can't use their own good judgment. They feel the need to do it just so they can look high speed or cool to their little friends.
The best source of information for the "enemy(ies)" has become these sites. I can't believe some of the shit I've seen cleared guys get busted for posting.
Back in the day(and still now for me) we guarded our privacy and personal lives like pit bulls. We didn't want anyone getting in our business and we sure didn't want it out in the public domain.
It just seems so ridiculous to me. Someone is going to get grabbed up or killed because of this shit, if they haven't already.
I made the mistake of opening a facebook account once. A friend wanted me to look at some photos he had there. I could only look at them if I had an account. I had to close the account within days as people were coming out of the woodwork(people I hadn't seen in years and didn't really give a shit about anyway) asking me stupid questions about where I was and what I was doing.
Look at all the posers that end up on there too.
Enough of my rant.

We were told some info about our mob one day, the next day at drill we had to yell at people for posting it on facebook. This is after being told several times "this is privileged information for you and your wife to prepare for what's to come, not for anyone else". And it continued every step of the way... These are people that have their privacy set so anyone can see too (which is stupid as all hell to begin with).

I have an account now, but it isn't under my name and I set up a new email account that didn't identify me. Then I set my privacy so that the only people that can see me is my friends. I found out that my account isn't even searchabe. My dad was trying to search and find me by my exact email and exact facebook name and it wouldn't show up.

1. If you cant find the privacy controls on a web page, please don't join it.

2. If you can't use Google to find something like: http://www.google.com/search?q=facebook+privacy+settings&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a please request computer user help.

3. Here's another...uh, don't type the letters that form a classified sentence. I bet if that guy got 10 YEARS, it wouldn't happen again.

It used to be hot chicks in bars looking for secrets, then cell phones (you still use cell phones, I guess), and now it's the internet. Do guns kill people, or do people kill people? Don't blame the gun.

P

FB is evil... Not FB itself, but the apps that are on it... This guy's blog has tappered off recently, but he was posting a new XSS hack daily for a little while: http://socialmediasecurity.com/

I lock down all my privacy settings and religiously block all applications as soon as I see them... but that can't be said for all users. There is no way I'd allow a person to play mafiaville or whatever on a corp/gov owned assett if I were in charge of internet useage policy... that's just me. I must be a dick.

The data you post out there is one component... someone gets your name and e-mail address... eh, so what. Nothing publisher's clearning house doesn't have.

It is the fact that you can click on one of those stupid links to a game, quiz, etc and it will launch malicious code on your machine at whatever level of privlidge you have... most people are local admin on a windows box. 80million users, that's a lot of targets for the bot herders.

It's a huge issue here too:
http://news.bbc.co.uk/2/hi/middle_east/8549099.stm

The Israeli military cancelled a planned raid on a Palestinian village after one of its soldiers posted details of the operation on Facebook.

The unnamed soldier revealed the time and place of the raid and the name of his unit on the social networking site.

He said on his status update that his unit planned a "clean up" raid.

The soldier was court-martialled and sentenced to 10 days in prison. He was also ousted from his battalion and relieved of combat duties.

I had a Facebook but deleted it because...
1. The big one... crazy women who would start adding my other friends (who they never met) as part of their own personal SSBI on me.
2. People (who I never cared enough about to stay in contact with) trying to get back in touch.
3. All the people who post the boring minute details of their life as though anyone gives a damn.
4. I hated when, in person, people assume you read what they posted or assume you knew they read your post. I liken it to jumping into the middle of a conversation.

Still, it was a useful tool for staying in touch with a lot of people.
Also, going out to bars or clubs, the new thing is for girls to pull out their iPhone and ask "do you have a facebook?"... Call me old school but I prefer swapping phone numbers.

Facebook has become so ubiquitous that you can use it as a tool...

You're the steely eyed killer... just put a profile out there of a data entry clerk.

Or for "clubbing" establish your cover ahead of time and have your gynocoligist's profile out there. Picture of you with your yacht, ferrari, vacation home in Aspen, etc.

Facebook has become so ubiquitous that you can use it as a tool...


Yes, it's definitely a powerful tool - especially for link network analysis. First place to go to look for info on anyone... just look at almost every single poser thread.

It's amazing how info can be pieced together. Many people have their profile set on private, but their friends list to public. If you go through their friend's profiles who aren't set to private... you can slowly start to build a good picture.

Yes, it's definitely a powerful tool - especially for link network analysis. First place to go to look for info on anyone... just look at almost every single poser thread.

It's amazing how info can be pieced together. Many people have their profile set on private, but their friends list to public. If you go through their friend's profiles who aren't set to private... you can slowly start to build a good picture.

Google "FOAF" if that kind of stuff interests you.

Also, going out to bars or clubs, the new thing is for girls to pull out their iPhone and ask "do you have a facebook?"... Call me old school but I prefer swapping phone numbers.

NOTE TO SELF> If wife ever lets you go out to a bar alone again; create bogus FB page that doesn't list you as married with kids.

no doubt, FB is open source AN with an automated collection plan.

I even noticed a link diagram app on their the other day!

Yes, it's definitely a powerful tool - especially for link network analysis. First place to go to look for info on anyone... just look at almost every single poser thread.

It's amazing how info can be pieced together. Many people have their profile set on private, but their friends list to public. If you go through their friend's profiles who aren't set to private... you can slowly start to build a good picture.

Yeah - there are some fun tools for doing that.

Great for illustrating maintaning PERSEC.

Most cops have 'clean' profiles out there but then all the spouses are "fans of the mayberry PD" or whatever... just join the group and mine the names back out of it.

Google "FOAF" if that kind of stuff interests you.

Thanks.

Banning these idiots from posting sensitive info on these sites is very prudent. They obviously can't use their own good judgment. They feel the need to do it just so they can look high speed or cool to their little friends.
The best source of information for the "enemy(ies)" has become these sites. I can't believe some of the shit I've seen cleared guys get busted for posting.

Social networking sites have not caused this problem. I agree they make the information passed by "loose lips" reach a wider audience, but the effect is still the same as trying to impress people down at the bar.

FB etc is not dangerous....but the attitude of the users is.

Before FB, security education was conducted, and it still needs to be done. The education just needs to recognise the impact of technology and address it.

I just flattened my FB account about 2 weeks ago. It was amazing. I began reading books again...not just comic books and Hustler either, REAL books!! Which leads me to believe that this is going to be a big productivity killer in addition to OPSEC risk.

I had a Facebook but deleted it because...
1. The big one... crazy women who would start adding my other friends (who they never met) as part of their own personal SSBI on me.


My rule number one is never admit to being on facebook. I don't use my real email address, I'm not searchable, etc.

Right. It's the poor judgment of the user not the tool.