


This is the 47th episode of the Shared Security Podcast (formerly the Social Media Security Podcast) sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions. This episode was hosted by Tom Eston and Scott Wright and recorded October 28, 2015. Below are the show notes, commentary, and links to articles and news mentioned in the podcast:
Do you know which of these stars have the most celebrity impersonations?
I did a quick check of which celebrity had the most impersonators on each social networking site:
Facebook – Bradley Cooper
I also noted that there were fewer than 30 impersonators in total, for all the celebrities in the picture, on LinkedIn. What does this mean? It might mean scammers are less excited about using LinkedIn, but it could also mean that businesses don’t use LinkedIn so much for communicating with their followers. I think there’s just as much scamming going on by attackers who impersonate businesses in the more popular social networking applications. What I also think is interesting is how ZeroFox uses advanced tools to categorize the potential attackers and prioritize the risk from each impersonator, which involves separating the parodies from the real scammers.
– Scott
Our kids need to talk about it
This is a really important and eye-opening article. It digs a little deeper into the frequent negative impacts that social media have on children and families.
Knowledge of child psychology might help. But it’s also just letting your kids know that you’re trying to understand the pressures they are feeling, so you can help them through. I think discussing stories of incidents that may have happened to others (either in the news, or in your community) makes it easier for them to relate, and discuss their views.
As a parent of 3 kids, I think you also have to resist the urge to judge your child’s actions or feelings. They really can’t help the way they feel, and they are still immature, so they’re going to make mistakes. What you can do is help them have a healthy attitude and recognize the merits and impacts of the actions they might want to take. As the article hints at the end, you need to understand the environment your kids are in. So, as much as you may hate the idea of having a Facebook account, setting one up and using it (not to spy on your kids, but to experience what’s going on in today’s culture) can make it easier to see things from their point of view. It is a conflicting situation for parents, though, to rationalize whether you are really spying on your kids, simply intruding on their privacy, or looking out for their best interests.
– Scott
Europe’s highest court strikes down Safe Harbor data sharing between EU, US
This is huge news as this ruling will likely force Facebook, Twitter and Google to keep EU data in the EU. It is important that privacy laws be respected and enforced. And in this case, the CJEU seems to be doing a good job of overseeing the Safe Harbor agreement. This agreement basically says that, if the personal data of EU citizens is transferred to a country outside the EU, it must be protected to a certain standard. However, the case has brought to light that the standard for Safe Harbor does not really go as far as it needs to in order to properly protect the privacy rights of EU citizens. So, the conclusion is that companies like Facebook should not be allowed to move EU citizens’ data overseas, since privacy will not be upheld.
One instance they give, as an example of how the agreement is too weak, is the potential access rights that the US government has to all data held within the USA. But this is an argument that can be extended to the UK itself, given what is now publicly known about the UK government’s surveillance activities. In this sense, the EU citizens’ data may be no better protected inside the EU than outside.
– Scott
Consumers think IoT security is a piece of cake; IT pros have another name for it
“manufacturers don’t make consumers sufficiently aware of the types of information connected devices can collect.”
– Scott
Hackers Can Silently Control Siri From 16 Feet Away
This is really not a threat at all right now. There are a lot of caveats to this attack and I would just note that these types of hacks are always evolving.
– Tom
An elaborate combined phishing and phone social-engineering attack against 2-factor authenticated Gmail accounts
This kind of attack is not new, but with the increase in use of Gmail’s two-factor authentication, an attacker can gather the password and SMS second factor code in real time using a phishing scheme. It’s often primed by a social engineering phone call in which the attacker contacts the victim using an issue that the victim is likely to care about. The caller then says they will send a link with more information that can be found in a Google Drive shared document. When the user tries to access it, the fake site presents a real-looking login and two-factor form. Since it is all done in real-time, the caller can access the victim’s real Gmail if they act before the two-factor code expires.
The combination of phone and email gives people the impression that it’s not likely to be a scam. So, be careful about acting on hot-button issues when you receive a call or email “out of the blue” that leads you to a Google Drive or other similar login page.
– Scott
Please send any show feedback to feedback [aT] sharedsecurity.net or comment below. You can also call our voice mail box at 1-613-693-0997 if you have a question for our Q&A section on the next episode. Be sure to visit our website, follow us on Twitter and like us on Facebook. Thanks for listening!
The post The Shared Security Podcast Episode 47 – Celebrity Impersonations, Social Media and Kids, EU Safe Harbor appeared first on Shared Security Podcast.
By Tom Eston, Scott Wright, Kevin Tackett