I fell for it. When a tech-savvy and trustworthy friend posted a link on his Facebook wall, I clicked through without thinking of the consequences. The lure of Jersey Shore fails was too much and I clicked. Before I knew it, the app had installed itself on my profile, posted itself on my wall and had been sent to all my friends with a message asking contacts “do you kno about mtvs jersey shore.” Very embarrassing.

Quickly, I removed the posts and marked them as spam, alerted the friend where the malware originated, removed permissions for the app in Privacy Settings > Apps, Games and Websites, posted warnings on my wall and changed my Facebook password. The password change was a precaution resulting from my paranoia. I knew I wasn’t phished, but I wanted to make sure I was in the clear.

I worked as fast as I could to limit my contacts following the links I sent out, but is that enough? There were still booby trapped links waiting in email inboxes from the Facebook messages, what was my responsibility to those friends?

While it could be awkward, I think the best way to stop spam applications spreading is full disclosure.

Owning up to my Jersey Shore curiosity and warning those I could have potentially infected would be for the best. Luckily, I had previously exported all of my friend’s contact details from Facebook through a life hack. I sent the list an email, warning them not to click on any links I had previously sent and apologising for the security let-down.

In any online security issue, the human element is often the most likely vulnerability. Owning up to errors, no matter how awkward or embarrassing, is one way to limit the risk from those human screw-ups.

And the friend who I originally caught the malware from, offered to buy me a beer. Happy ending.

According to an article yesterday in Total Telecom, global smartphone shipments have surged 43% to 60 million units as more and more of us take up using the devices. It isn’t just consumers or business users either; militaries around the world are looking at uses for smartphones.

The US military has recently been considering ways to take advantage of social media, and no doubt the mobile internet will be a part of that. Smartphones in the hands of soldiers wouldn’t just be for Twitter though. Defence companies have been working on mobile apps for war. IT Pro today has posted a story about software that gives a soldier the ability find enemies in the surrounding terrain using a mobile phone with the Android operating system.

The software could be powerful enough to pick up aerial images from unmanned aircraft or satellites and then focus in on details like license plates or facial features.

It sounds like neat stuff, and would be very interesting if it ever makes it to the consumer market; Google maps to a scary new level! But we may not have to wait for consumer-friendly versions of military apps to be released before we get a sneak peak, if figures this week from the UK MoD are anything to go by. An iPhone 4 Gizmodo style leak might be expected.

From SC Magazine, it turns out that the MoD has been having a hard time trying to hang on to their gear. A freedom of information request has revealed that 440 laptops were lost or stolen in the past two years. As well as laptops, they’ve lost hundreds of DVDs, CDs and disks, 96 hard drives and 13 mobile phones. Worst of all, much of the data on lost devices wasn’t encrypted. Who knows what cool software or data is waiting on a forgotten phone in the tube’s lost and found.

Photo by Flickr user iamian_, licensed under CC BY 2.0.

1. What is the Security Cats blog all about?

I like to think of it as an irreverent take on security, we cover the mainstream stories with more of a personal take on the issues raised that we would perhaps not give in our main news stories. I also use it to publish opinion articles and things we have noticed.

2. Who is your audience? Why do you think they come to your blog for news?

Our audience is IT and security professionals along with those in the vendor, analyst and PR communities. We also hope to draw a wider audience to the issues of data privacy and information security. I hope that they come to us for our clear messages and language and for interest in what we write about.

3. What do you see as the hottest upcoming technology trend?

There are so many trends and talking points, but drawing from interviews I have done in the last 24 hours I will go for advanced authentication, specifically with how biometrics are being used in healthcare and how they could move into other sectors.

4. In your opinion, who are the biggest trend setters in technology? How do you keep up with them online?

There is a healthy mix of opinion from vendor-based researchers to independent analysts, I like following the security advisors at vendors such as Trend Micro, ESET and F-Secure (and obviously Symantec!) as they have a clear eye on threats without commercial influence. There is also some key analysts and bloggers such as Jeremiah Grossman, Avi Raff, Gary Warner, Brian Krebs and Robert Siciliano who provide interesting takes on current subjects.

5. Do you receive a lot of press releases and pitches from PRs? How do you think PRs should best approach bloggers?

For our daily news we do get a lot of input, sorting through what is and is not apparent is the biggest challenge as you want to keep a selection of new products with comment on issues and breaking news. For the blog site, there is no rule as I pick up on what I think may be interesting to write an opinion on, but generally I would not focus on new products and look at an opinion and give my perspective on it. For advice on approaching bloggers, I would advise PRs to offer an opinion that the blogger would want to respond to or comment on – they may be very critical but is there such a thing as bad press?

On Monday night I was at a discussion on social media privacy called Like Me, Love My Data, a Mashup* event at the BCS.

The debate covered the issues Facebook is currently facing with Like and OpenGraph. This has already been thoroughly covered in the media and online, and the event itself was written about in blogs, on Twitter and even on Channel 4 news (pictured above).  I don’t have anything too constructive to add to the conversion beyond what everyone is already saying, but I thought I’d share a couple of conclusions from the debate that I found interesting.

The panellists were Raffi Krikorian, the tech lead Twitterapi, who joined through Skype, Ben Cohen, technology correspondent at Channel 4 News, technologist Sam Sethi and Iskandar Najmuddin, Technical Director at Nudge.

Things that stuck with me include:

• In response to a question on the event Twitter Fall, the panellists concluded that the difference between a site like Digg or Twitter, where we happily share information, and Facebook is that Facebook is our real world network, our actual social graph. We also began as a closed community that is striving to become public, but we still have the expectation that it is closed.
• Ben pointed out that especially for young people who have grown up with Facebook, by not joining the site they exclude themselves from their real life social networks.
• With so many controversial changes to the site, from Beacon in 2007, the privacy setting changes at the end of last year and more recently with Like and the OpenGraph API, even if people adjust their privacy settings to protect themselves after a change, there is no telling when Facebook will change again.
• If you visit a site external to Facebook while still logged in to Facebook and that site has a Like button, then apparently Facebook knows you visited the site and collects that data. Perhaps not too menacing, but Facebook has yet to announce what it plans to do with the information. Is paranoia about this unfounded, or is there cause for concern?
• One of the audience members proclaimed that “if you are happy to have your life shared on Facebook then, my friend, you haven’t lived!”
• What I found most interesting was that despite being with a group of privacy conscious and tech savvy people, in a quick survey of the room no one was alarmed enough by Facebook’s privacy issues to take action and delete their accounts. I have been flirting with the idea myself, and making preparations, but come May 31^st, will there be a surge of people deleting Facebook for good?

With the repeated news of privacy letdowns from Facebook, like lots of other people I have been questioning my dependence on the social network. My quick conclusion is that the only reason why I always return to Facebook is that it is where my friends are. If I were to leave the site, how can I bring my friends with me?

Facebook doesn’t make it easy. They won’t allow you to export the email addresses of your friends, making it tricky to transfer connections should you decide to leave for good. Facebook’s competitive social networks, like LinkedIn, Twitter and niche sites, don’t have access to import contacts from Facebook, as they might with email providers like Gmail, Yahoo and Hotmail. The question of how to transfer connections between sites might be frustrating, but there is an answer, and it is a pretty simple one:

You’ll have to go through a middleman. Facebook will allow you to transfer contacts to an email provider like Hotmail. Hotmail will allow you to export email addresses as a .CSV file. From there, other social networks will allow you to import contacts from email addresses, most as a .CSV file. Happy days.

There are step by step instructions for exporting your Facebook contacts’ email addresses to Hotmail here. Once you have the file, you are free to bring your contacts with your wherever you go in the social networking world. While you’re at it, add dan.howe@speedcommunications.com in, it would be great to connect with you.

The general buzz around #Infosec and #Infosec 2010 kicked off on Monday 26^th April, with conversations peaking around 10am and 2pm on the first and second days of the show. With conversation beginning to dwindle on Thursday morning, it was Symantec’s acquisition of PGP and GuardianEdge mid-day on Thursday that caused the chatter to peak.

The #Infosec hashtag peaked at 26 tweets an hour and we reviewed roughly 752 tweets mentioning Infosec during the course of the show.  I’m not a mathematician, but that is around seven per cent of the 12,000 registered information security professionals using the show hash tags. Whilst, this may seem low, hash tag tracking is just one tool for monitoring conversation. Vendors were actively being discussed, old colleagues were arranging to meet and when Symantec made its announcement, the news quickly spread.

So, who was talking about what?

On Twitter…

Symantec to acquire PGP and GuardianEdge

Seizing of Gizmodo editor Jason Chen’s computers

Who needs exploits when you have social engineering

PDF malware using net attack technique

In the media…

Symantec acquires PGP and GuardianEdge (169)

Data breach notification law coming, says watchdog (54)

PwC report shows bleak security landscape (22)

And, the analyst take..

Gartner, Bob Walder: Infosec 2010 London “the only surprise being that HP didn’t try to trump Symantec’s acquisition announcements by grabbing McAfee!”

Bloor, Nigel Stanley: Time to hug a PGP employee? “Very rarely do I ever get to witness the effects of a corporate takeover first hand but the acquisition of PGP by Symantec”

Bloor, Bob Tarzey: The big yellow monster strikes again “the latest news makes Symantec even more of a force to be reckoned with”

Twitter is to hold its first developer conference next week, in a further sign of the micro-blogging site’s growing ambitions.

IT PRO – Men dominate mobile social networking
Men have the monopoly on using their mobiles for more feature rich applications, according to a new report.

ComputerWorldUK – Security experts argue over iPad enterprise readiness
Whether the iPad is secure enough for enterprise uses is debatable, based on a survey of several analysts and experts. Some analysts say that with tougher data protection laws, the iPad deserves an “F” for security readiness for financial services companies and other federally regulated industries.

CBR – MPs pass Digital Economy Bill

The Digital Economy Bill (DEB) was passed in the House of Commons on Wednesday night after its third reading, following just two hours of debate.

The Daily Telegraph – Apple ‘planning smaller iPad’

A more compact version of the iPad will go on sale early next year, according to an influential analyst. The so-called “iPad mini” will feature a screen somewhere between 5in and 7in, compared to the current iPad’s 9.7in display, said Mingchi Kuo, an analyst with DigiTimes Research.

CNET this morning reports that the iPad is a “massive joke” from Apple.

Speed client, Symantec are making plans to put a data centre on the moon.

TechCrunch said that Google has begun building an uranium enrichment plant, while Google themselves have introduced Translate for Animals, a new app for Android phones.

Firebox are selling a Wi-Fi clothes peg that reads temperature, moisture and precipitation then lets you know when your clothes are dry via an iPhone app.

There are some great videos too. Stolen prototypes from Qualcomm are causing savage butterfly attacks and iPhones are falling apart.

Meanwhile, Sophos reports that the best way to stop hackers is to distract them, in their story Sexy Romances Distract Hackers from Data Theft.

Happy April Fools day!

Super-fast broadband will be available to every home in the UK by 2020, the prime minister has promised.

The Register – Apple iPad magazines to be counted by circulation body

A rule that determines magazine circulation details could have scuppered publishers plans to bring their titles to the iPad.

Computerworld UK – Facebook stands up to UK.gov’s cyberbullying

The Home Office has half-heartedly claimed victory in its effort to strong-arm Facebook into publishing a child protection “panic button” on its users’ profiles. In fact, the government has been given an embarrassing lesson in rationality by the leading social network.

CBR – Government holds too much info on citizens

The UK Government holds more data on citizens than it needs to, according to members of the Chartered Institute for IT. Nudging two-thirds (61 per cent) of the 400 IT professional members questioned said the state held more data on citizens than necessary. Only 17 per cent believed that citizen’s rights were adequately protected by the current regulations.

Computer Weekly – Privacy International to set up $1m Asian privacy network

The Canadian International Development Research Centre has awarded a $1m contract to UK-based civil rights campaign group Privacy International to set up an Asian privacy network. Announcing the deal at Privacy International’s 20th anniversary celebration in London, executive director Simon Davies said the network would include Bangladesh, India, Malaysia, Pakistan, the Philippines and Thailand.

SC Magazine – The end of the computer is predicted, as Kaspersky CEO says that the future is with the smartphone device

Kaspersky CEO Eugene Kaspersky said: “Very soon in our lives computers and the internet will disappear and they will be replaced with smartphones and mobile networks and 5G. Devices are getting much more powerful and a device such as the iPhone is much more powerful than my desktop from eight years back.”

IT budgets are being focused on maintaining old systems, rather than implementing new ones, according to a new report from Forrester.

Computer Weekly – More young people vote on Big Brother than in a general election

Three-quarters of young people would engage in politics if they could vote by text message or social media, according to a survey of 1,082 UK citizens. The survey, which was carried out by mobile phone price comparison website Right Mobile Phone, found that over one-third of young voters would not vote in the election.

CBR – New virus targets corporate networks, credentials

Internet security firm NetWitness has discovered a new type of computer virus that has affected 75,000 systems in 2,500 organisations around the world. According to the security firm, the newly-discovered virus, known as ‘Kneber botnet’ gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information to miscreants who can use it to break into accounts, steal corporate and government information, and replicate personal, online and financial identities.