

   ISSUE 4

14 NOVEMBER 2011

Article of the Month   Around the World

Facebook Survival Tips

What if someone asks you not to use Facebook? Would you listen to him or her? Probably not. Many people are senselessly over-sharing information on Facebook, without a second thought as to who would be reading their posts or what effect it could have on them in the future. Do you know that many employers are using Facebook to check potential employees prior to hiring?

According to Sri Lanka CERT|CC, Facebook victims are on the rise (http://bit.ly/rNPb59). But what can we do? It is not as if we can stop using it. To reduce the problem, Facebook has implemented a plethora of privacy and security controls. But still, a true reduction is not that easy. As it turns out, the problem continues to grow.

These controls are quite confusing even for tech-savvy geeks. Generally, people do not bother to read manuals or FAQs to understand them clearly. When was the last time you read an End User Agreement?

After looking at the guidelines published by Facebook and many other security (and privacy) gurus, I came up with the following generic guidelines that address the common concerns.


1. Do not post anything on Facebook (or online) which you do not want your boss, girlfriend, customers or lecturer to see. I know, you think a plethora of privacy controls can protect you. But history has proven otherwise. There is no security patch for human stupidity. Besides, there could come a day when someone posts your Facebook credentials online for everyone to enjoy. How soon would you know if something similar actually happened?

2. Configure your privacy settings
  a. You can restrict who can search for you on Facebook
  b. Who would be able to see your address, phone number, date of birth and other personal details
  c. Who can see your albums and pictures?
  d. Who can write on your wall? Take control of who and what can be posted on your wall and the news feed
  e. Stop sharing information with third party applications

3. Don't accept all friend requests you receive. Refrain from adding unknown people as friends. Choose friends wisely.

4. Configure two-factor authentication.

According to Veracode, Facebook will keep your data even if your profile is deactivated. But deletion may be a better option (http://bit.ly/sFmijT).  

And finally, this is no comprehensive guide to privacy and security on Facebook. The steps mentioned above will get you started on being more security and privacy conscious. Remember, security (and privacy) are not one-off things. What is secure today may be insecure tomorrow (or in a few seconds). So it always makes sense to know what's going on out there.

Parakum Pathirana

CISM Coordinator - ISACA Sri Lanka Chapter

600,000 hacks a day, welcome to Facebook: 'The Social Network' reveals rips in the web

By Natalie Apostolou

Every 24 hours 600,000 Facebook accounts are subject to attempted hacking or violation, Facebook has revealed.

40,000+ email addresses and passwords discovered on phishing site

  By Stephen Chapman | November 14, 2011, 8:00pm PST

Summary: Over 40,000 Hotmail and MSN email addresses, along with passwords, have been discovered on a phishing Web site. Read about the incident here.

Most SL Facebook complaints from females on identity theft

By Jagdish Hathiramani

Of the 1,600 Facebook-related complaints that have been received by the Sri Lanka Computer Emergency Response Team (Sri Lanka CERT) since the beginning of 2011, the majority of these incidents pertain to the opening of accounts, later reported as false, using the identity of mostly real-life Sri Lankan females, according to Kanishka Yapa, Information Security Engineer at Sri Lanka CERT, the Information and Communication Technology Agency subsidiary that has been tasked with national cyber security protection. These fake accounts, once created, are later used to carry out various abusive activities.

Month in Brief

[Chart: Facebook Incidents Reported to Sri Lanka CERT|CC in October 2011. Category label: Fake + Harassment. Source: Statistics - Sri Lanka CERT|CC]



The security implications of being stuck with an old Android OS

  By Kenneth van Wyk

'....There's been some disturbing news about Android security recently. It appears that many shipped Android-based devices are simply not getting system updates. Apart from getting righteously frustrated as consumers, we should also understand the short- and long-term effects this has on security.......'

Security threats to expand in 2012
  Posted on 14 November 2011

Attackers are sidestepping automated security technology and are using social engineering and data mining to orchestrate attacks against prominent individuals and their corporate networks, according to Digital Assurance.

The 12 scams of Christmas
  Date Published: 10th November 2011

'Tis the season for consumers to spend more time online - shopping for gifts, looking for great holiday deals on new digital gadgets, e-planning family get-togethers and of course, using online or mobile banking to make sure they can afford it all.

  Notice Board
  Training and Awareness Programmes - November 2011
Date | Event | Venue
- 18 | Teacher Personality Development Programme-'Tharani' | Ruwanpura National College of Education-Kahawatte
- 24 | Opening of Sri Lanka Gwangju friendship ICT Laboratory | Mahinda Rajapaksa National school, Homagama
- 23-25 | Teacher Training to Educational e-content | ICT Laboratory of ICT Branch, Ministry of Education
