How to safeguard your image online

by Leonor Albino, Schooley Mitchell on February 7, 2010 · 0 comments

in security

Have you tried Googling yourself? If you haven’t yet, you should. Some would readily dismiss it as mere vanity or ego search, yet at this very moment, an HR manager from a company you’re applying for or someone who’s been eyeing you for a date could be scouring the Web looking for every bit of information about you.

A photo of yourself plastered on your Facebook or MySpace page wearing the skimpiest of outfits and posing provocatively, or a blog lambasting your previous employer as an “obese, tyrannical, megalomaniac bitch” complete with juicy details about your boss’ personal life could turn off prospective employers or love interest.

And then, there’s the issue of hijacked identities. Anyone can practically post anything about another person on the Web and you might get the shock of your life if your Google search results return a profile of a porn star who uses your photo, name, address and other personal details.

When virtual and real worlds collide

With the Web becoming a very potent tool in promoting various brands and businesses and undeniably an extension of one’s real-life identity, experts have been emphasizing the need to leave a favorable digital footprint.

For instance, surveys show that hiring managers use the Internet as a crucial reference when trying to gauge an applicant’s qualifications for the position.

According to a research conducted by Microsoft, 4 in 10 HR managers have turned down applicants based on information they have seen on social networking sites like Facebook. In another research by Careerbuilder.co.uk, 53 percent of employers were turned off by applicants’ inappropriate behavior on social networks. And yet, research shows that only 1 in 1,000 job candidates gave credit to the Big Brother aspect of the Internet as an important factor when hunting for a job.

Three years ago, Stacy Snyder of Pennsylvania sued Millersville University for denying her of a teaching credential after a photo of her wearing a pirate hat and drinking out of a cup was posted on her MySpace page. School officials claimed the photo which had the caption “drunken pirate” was unprofessional.

Don’t let the mouse incriminate you

Isn’t it scary to think that several mouse clicks can ruin your chances of scoring that dream job or relationship?

If something nasty about you pops up on the first page of the search results, don’t hang yourself just yet thinking it’s already the end of the world for you. According to studies, employers and hiring managers rarely go beyond the first two pages of the results; therefore, just try to bury that piece of information. There are web tools, either free or paid, which can salvage your reputation by ensuring that possibly incriminating information does not show up on the first page of search results.

You can do this two ways according to an article, penned by web and social technology writer Kristin Burnham for CIO.com, entitled “How to Protect Your Reputation Online.” In the article, George Brown says you can build an online presence by signing up with Facebook, MySpace, LinkdIn, YouTube and Twitter. Brown is an online media consultant for clients wanting to polish their online image.

Monitor what people say about you

Practically anyone can say anything about you on the Internet, and once posted, it may take you from several months to half a year to fix the damage, experts say. The key is to monitor this early what’s being said about you so you can quickly do some damage control if necessary.

According to Brown, another way you can ‘clean up’ your online image and populate favorable search results is to buy a domain with your name. If undesirable content about you shows up on search results, you can crowd it out by simply filling this website with pages which are sure to rank highly in search results because the URL contains your name.

There are also Web companies that will gladly sanitize your online image for a fee, like ReputationDefender, Naymz, and IdentitySweep. These companies can either provide an extensive report of information about you in cyberspace, destroy inaccurate or inappropriate content, or alert you if your personal details appear in databases for stolen credit cards.

There are also free tools you can use to keep track of what’s being said about you on cyberspace. Google Alert is one such tool. It will automatically inform you when your name is mentioned in a particular website.

Naysayers might say you’re being too paranoid, but when you’re up against such a vast and powerful tool as the Web, it’s best to stock up on ammunition.  Check out Burnham’s five ways you can monitor information the Web reveals about you.

With all these options to help you maintain a pristine, employer-friendly image on cyberspace, however, experts say the best way to protect your online identity is to avoid putting yourself in a compromising situation in the first place. What may seem like an innocent and funny personal content to you and your friends right now may come back to haunt you in the future. That means, in this nonchalant share-all online culture, prudence is still the best policy.

Share This Post

{ 0 comments }

Latest Google Chrome version puts premium on security

by Leonor Albino, Schooley Mitchell on February 2, 2010 · 0 comments

in security

Google Chrome is implementing five new security enhancements in version 4.0 in a bid to boost its stake as a force to reckon with in the browser arena.

Adam Barth, a software engineer working on Google Chrome, revealed the following security features aimed at helping developers secure websites:

Strict-Transport Security

This feature ensures that Chrome uses only a secure connection by using only HTTPS when accessing a website and that all errors will be considered as hard stops. Barth says the Strict-Transport Security feature allows Chrome to defend itself against malicious attacks from people who control the network. It’s already in Google Chrome 4 and in Firefox’s security add-on, NoScript. Some websites like Paypal have already started using this feature.

Cross-Origin Communication with postMessage

The postMessage API is a method wherein gadgets are embedded in web pages with rich interaction capabilities to other page code but with heightened security than before. Other browsers like Firefox, Internet Explorer, Opera and Safari all use this feature.

ClickJacking Protection with X-Frame-Options

X-Frame-Options allow websites to defend themselves against clickjacking, a process attackers use to trick users into clicking a transparent or invisible button which leads them to a malicious website. By including the X-Frame-Options: deny HTTP header, the web developer is able to thwart attackers’ attempts to conceal malicious links.

CSRF Protection via Origin Header

The Origin header, a new HTML5 feature, protects websites from CSRF (cross-site request forgery) attacks. This type of attack involves stealing data from one website by another. The Origin header identifies which website generated the HTTP request. Barth said specifications for the Origin header are still being finalized.

Reflective XSS Protection

This feature helps webmasters ward off XSS (cross-site scripting) attacks. An XSS attack happens when an attacker harvests users’ private data by using malicious scripts. Barth said they added this feature to Google Chrome 4 as protection against one form of XSS called the reflective XSS. What the XSS filter does is check scripts before they are run on a page, preventing an attack. Barth said they are looking into improving the XSS filters in subsequent Google Chrome releases.

Google Chrome was first made available for download as a beta version for Microsoft Windows on September 2, 2008. Its speed, unique interface and features like crash control and incognito surfing quickly won over many users.

Chrome 2.0 was released in May 2009 amidst rave reviews for its stability and increased speed.  In September of the same year, an even faster version 3.0 with HTML5 capabilities was made available to the public.

Google 4.0 was released on January 25 after months of gathering user feedback and adding enhancements. The newest Chrome version boasts of such additions as extension support, improved developer tools and HTML5 support, and bookmark sync, among others.

While initial reviews of Google Chrome were mostly positive, researchers soon found certain vulnerabilities in the browser.

Share This Post

{ 0 comments }

Hacking of House websites probed

by Leonor Albino, Schooley Mitchell on February 1, 2010 · 0 comments

in security

The U.S. House of Representatives has ordered an investigation into the hacking incident of 49 websites belonging to its members and committees.

The hackers posted a vulgar one-line comment on the websites right after President Barack Obama’s State of the Union address Wednesday night.  The Red Eye Crew, Brazil’s notorious hacker organization, took credit for the anti-Obama tirade.

Some of the websites were immediately pulled down following the defacement, and some of them remained down until the following day. As of Thursday morning, some of the websites were still down for maintenance, including those belonging to Reps. Mike Honda (D-Calif.),  Joe Wilson (R-S.C.), Harry Mitchell (D-Ariz.), Duncan Hunter (R-Calif.), Spencer Bachus (R-Ala.), Jesse Jackson Jr. (D-Ill.), and Brian Baird (D-Wash.)

The incident prompted House Speaker Nancy Pelosi and Minority Leader John Boehner to request Chief Administrative Officer (CAO) Daniel Beard to give a full report as to how the hackers were able to access and deface the websites.

“We request that you initiate an immediate and comprehensive assessment of how hackers were able to deface the websites of nearly fifty House Members and Committees last night. In the past, we jointly requested that your office review and tighten cybersecurity protections designed to ensure that congressional offices and committees are safeguarded from unauthorized intrusions,” the letter read.

In the letter, Pelosi and Boehner recalled “previous security failures” by GovTrends, the Alexandria-based web service provider which maintains the sites. In August 2009, some 18 House websites managed by the same vendor were hacked by Indonesian cracker 3n_byt3 reportedly because employees failed to change the default password. GovTrends maintains about 100 member sites.

Pelosi wrote that the incident “indicate(s) that further review of security procedures are needed. From initial reports, these intrusions appear to be related to one website vendor which has had previous security failures. While many Members have expressed satisfaction with the vendor in question, this is the second time in a year websites hosted and supported by this vendor have been compromised. We therefore request that your office work with the Committee on House Administration to review the security standards for House vendors and to assess whether this vendor, and others, have adhered to those standards. We also request that you take immediate action to protect against breaches of the House firewalls and to ensure website security of all House offices.”

The hacked websites were from within the domains of house.gov, most of which belonged to members of the House. Other affected sites were republicans.oversight.house.gov, gop.cha.house.gov, republicans.financialservices.house.gov, and  resourcescommittee.house.gov, which are owned by House committees.

The CAO manages most of these websites, but private vendors such as GovTrends maintain around 40 percent of them. According to Jeff Ventura, spokesman for the House chief administrative officer, the CAO is considering a possible action against GovTrends.

According to Softpedia, web defacement records from Zone-H revealed that the Red Eye Crew was responsible for over 45,000 defacements in 2009 alone. Some of these websites belong to governments, military forces, and top business corporations.

Share This Post

{ 0 comments }

← Older Entries