<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>eGuru &#187; Security</title>
	<atom:link href="http://eguru.info/category/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://eguru.info</link>
	<description>Modern business, books, travel, and technology</description>
	<lastBuildDate>Fri, 14 Oct 2011 21:42:45 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>7 Tips for Social Media Safety</title>
		<link>http://eguru.info/2010/06/7-tips-for-social-media-safety/</link>
		<comments>http://eguru.info/2010/06/7-tips-for-social-media-safety/#comments</comments>
		<pubDate>Thu, 03 Jun 2010 15:54:25 +0000</pubDate>
		<dc:creator>Krishna Chaitanya Mandava</dc:creator>
				<category><![CDATA[Security]]></category>
		<category><![CDATA[Social]]></category>

		<guid isPermaLink="false">http://eguru.info/?p=419</guid>
		<description><![CDATA[Think twice the next time a contact tries to &#8220;friend&#8221; you on Facebook or &#8220;follows&#8221; you on Twitter. It may turn out to be an undercover fed looking to scrutinize your employment history or examine your personal references. U.S. law enforcement agents are following people into popular social-networking sites, going undercover with false online profiles to &#8230; <p><a class="more-link" href="http://eguru.info/2010/06/7-tips-for-social-media-safety/">Read more &#187;</a></p>]]></description>
			<content:encoded><![CDATA[<div id="contentArea"><p>Think twice the next time a contact tries to &#8220;friend&#8221; you on Facebook or &#8220;follows&#8221; you on Twitter. It may turn out to be an undercover fed looking to scrutinize your employment history or examine your personal references. U.S. law enforcement agents are following people into popular <a href="http://www.bankinfosecurity.com/articles.php?art_id=2309"><strong>social-networking sites</strong></a>, going undercover with false online profiles to communicate with suspects, gather private information and view photos and videos that are restricted to a user&#8217;s network. Their main intention is to trail and catch criminals, tax evaders and other wrongdoers, as well as gather evidence to support their cases.<br />
&#8220;Whatever feds do on social media impacts your career,&#8221; says Michele Porfilio, strategic sourcing director for Crowe Horwath LLP, a public accounting and consulting firm. &#8220;Especially when there is inconsistency in information posted, as well as information you will be easily embarrassed by.&#8221;</p>
<p>Information on social media sites has been used against employees in ways ranging from performance evaluation to legal risk. For example, an employee may file for disability compensation and, during the same period, post pictures of physical activity. &#8220;There are real concerns in terms of how social media can affect your employment status and potential job opportunities by what you do on a daily basis on these sites,&#8221; says Porfilio.</p>
<p><span id="more-419"></span></p>
<p>Recently, a San Francisco-based civil rights advocacy group, the Electronic Frontier Foundation (EFF), sued the Justice Department and five other federal agencies under the Freedom of Information Act to force the government to disclose its policies for using social networking sites in investigations, data collection and surveillance.</p>
<p>As a result of the lawsuit, the foundation obtained documents from the Department of Justice and the Internal Revenue Service that describe the value of Facebook, Twitter, MySpace, LinkedIn and other sites.</p>
<p>However, the boundaries are still unclear. &#8220;These documents don&#8217;t really discuss any mechanisms for accountability or ensuring that government agents use those tools responsibly,&#8221; says Marcia Hofmann, a senior attorney with the Electronic Frontier Foundation.</p>
<p>&#8220;There needs to be a proper justifiable framework and procedure in place to understand the parameters for such type of activity to occur,&#8221; says <a href="http://www.bankinfosecurity.com/podcasts.php?podcastID=446"><strong>David Navetta</strong></a>, founding partner of the Information Law Group and co-chair of the American Bar Association&#8217;s information security committee. &#8220;So far there is no procedure to hold the government responsible or remedies for individuals whose privacy may have been compromised as a result of these investigations.&#8221;</p>
<p><strong>7 Tips for Job Seeker&#8217;s Safety</strong><br />
From a job seeker&#8217;s perspective, one needs to be consistent in one&#8217;s activities and information posted about employment history, business references and recommendations provided. &#8220;The slightest conflict in their profiles can make them a potential target for fraud and ruin their online reputation,&#8221; says Porfilio.</p>
<p>The employer, on the other hand, needs to ensure that online hiring practices are fair and not discriminatory. How do they source their candidates? What kind of background checks do they perform? What are their typical factors for selection? &#8220;These investigations are only likely to get more widespread and intense, pushing the need for transparency in the employer-employee relationship,&#8221; says Porfilio.</p>
<p>Tips for ensuring online safety include:</p>
<ul>
<li><strong>Use Good Judgment:</strong> Consider how your comments would be perceived before you actually post them, and put logic above emotion at all times. &#8220;Before you hit &#8216;post,&#8217; realize that this will be a permanent reflection of your identity, and it may never be erased,&#8221; says Porfilio. Assume that anything you put on a social networking site will be seen by third parties, and &#8220;ask yourself whether you would want that seen,&#8221; says Navetta.</li>
<li><strong>Know Your Contact:</strong> &#8220;The key is: know your contacts,&#8221; says Navetta. Do not accept friend requests from suspicious people. Use proper introductions when adding users as friends or connections. Once you connect with somebody, they will have access to your information, and &#8212; depending on who they are &#8212; you might not want them to have that level of access. A good practice is to go through your contact list frequently to ensure you have a tight and trusted network of people, says Navetta.</li>
<li><strong>Do Not Tag Photos:</strong> &#8220;Don&#8217;t allow individuals to tag your photo, as unflattering pictures could end up costing you or your friends their jobs,&#8221; says Porfilio. There is a big risk in a friend putting up that picture of you from college doing silly things and then tagging it: the picture might also get picked up by a search engine, so if a recruiter runs a search, it could come up. There are settings in social media sites to prevent friends from being able to tag you.</li>
<li><strong>Change Your Passwords:</strong> Change them often, and do not use the same password for social networking sites that you use for your email accounts and online banking.</li>
<li><strong>Know Your Privacy Settings:</strong> Many sites such as Facebook provide users with a great deal of control over who can access their information. Those settings can be confusing, says Navetta, but there are websites, including BusinessInsider.com, that explain how to lock down Facebook&#8217;s privacy settings. Note also that Facebook is creating simplified privacy settings for future use.</li>
<li><strong>Be Consistent:</strong> Using the same photo, consistent profile language, message and links on all social media sites reduces the chances of identity theft and generates trustworthiness and recognition among employers when conducting background checks. &#8220;Job seekers also need to think twice before clicking on any links in social media sites, as these links can show up on their online history and result in turning off recruiting and hiring managers,&#8221; says Porfilio.</li>
<li><strong>Avoid Controversial Statements:</strong> If you think that somebody could take offense with respect to a political view or offensive language or comments, don&#8217;t make them on a social media site that can be viewed by others, says Navetta. &#8220;Remember: if there is nothing offensive on your site, there is nothing for potential employers to get judgmental about.&#8221;</li>
</ul>
</div>
<div>Source: <a href="http://www.bankinfosecurity.com/articles.php?art_id=2587&amp;opg=1">Bankinfosecurity.com</a></div>
]]></content:encoded>
			<wfw:commentRss>http://eguru.info/2010/06/7-tips-for-social-media-safety/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Memory exhaustion DoS vulnerability hits Google’s Chrome</title>
		<link>http://eguru.info/2008/10/memory-exhaustion-dos-vulnerability-hits-google%e2%80%99s-chrome/</link>
		<comments>http://eguru.info/2008/10/memory-exhaustion-dos-vulnerability-hits-google%e2%80%99s-chrome/#comments</comments>
		<pubDate>Wed, 01 Oct 2008 10:28:17 +0000</pubDate>
		<dc:creator>Prithvi Mandava</dc:creator>
				<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://eguru.info/?p=256</guid>
		<description><![CDATA[Aditya K Sood from the EvilFingers community, which disclosed the first Chrome DoS vulnerability at the beginning of the month, has released a proof of concept demonstrating a memory exhaustion DoS vulnerability affecting Google’s Chrome versions Chrome/0.2.149.30 and Chrome/0.2.149.29: “The Google chrome browser is vulnerable to memory exhaustion based denial of service which can &#8230; <p><a class="more-link" href="http://eguru.info/2008/10/memory-exhaustion-dos-vulnerability-hits-google%e2%80%99s-chrome/">Read more &#187;</a></p>]]></description>
			<content:encoded><![CDATA[<p>Aditya K Sood from the EvilFingers community, which disclosed <a href="http://blogs.zdnet.com/security/?p=1847">the first Chrome DoS vulnerability</a> at the beginning of the month, has released a <a href="http://www.evilfingers.com/advisory/Google_Chrome_Carriage_Return_Null_Object_Memory_Exhaustion_Remote_Dos_POC.html">proof of concept</a> demonstrating a <a href="http://www.evilfingers.com/advisory/Google_Chrome_Carriage_Return_Null_Object_Memory_Exhaustion_Remote_Dos.php">memory exhaustion DoS vulnerability affecting Google’s Chrome</a> versions Chrome/0.2.149.30 and Chrome/0.2.149.29:</p>
<blockquote><p>“The Google Chrome browser is vulnerable to a memory exhaustion based denial of service which can be triggered remotely. The vulnerability triggers when a Carriage Return (\r\n\r\n) is passed as an argument to the window.open() function. It makes Google Chrome generate a number of windows at the same time, thereby leading to memory exhaustion. The behavior can be easily checked by looking at the task manager, as in no time the memory usage rises high. The problem lies in the handling of the object and its value returned by the JavaScript function. Once it is triggered, the pop-ups start generating. The Google Chrome browser generates object windows continuously, thereby affecting the memory of the resultant system. Probably it can be crashed within no time. User interaction is required in this.”</p></blockquote>
<p>What’s Google’s take on this flaw, and have they acknowledged it already? Zero Day asked the researchers.</p>
<p><strong>Q: This is the second DoS vulnerability that members from EvilFingers disclose. How is the second one different than the first one, and how would a remote attacker take advantage of it?</strong></p>
<p>A: Ideally, both are Denial of Service attacks. But the second one is different in that it does a memory exhaustion, or I would say “performance” peaks with the pop-ups. By default, all the pop-ups are blocked by Chrome, but still the CPU usage jumps up to 98% and so does the memory consumption, therefore other processes will surely be affected. And then the PoC for the first one crashes Chrome right away without any reaction time for the user or any way for the user to prevent the loss of work. But with the second one, an experienced user can prevent the same and can save the work of other tabs before resulting in a browser restart. Or, put another way, the first one is a crash of all tabs, the second one is a hang of tabs.</p>
<p><strong>Q: Since you’re responsibly disclosing the vulnerabilities that you find to Google, what is your opinion on their current response time and overall attitude towards the vulnerabilities that you’ve reported?</strong></p>
<p>A: Response time with the first one was well appreciable, as it was fixed within 24 hours, though it took some days to roll out the next, 0.2.149.29, ‘patched’ version. For this newer DoS, the patch is yet to roll out and they have acknowledged the bug for now.</p>
<p>Has <a href="http://blogs.zdnet.com/security/?p=1847">Google’s Chrome level of exploitability</a> changed since the first DoS vulnerability? It may well be declining considering some recently published browser market-share statistics, which clearly indicate that a lot of users seem to have given Chrome a try and are back to their default browsers. According to <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;articleId=9115341">published Chrome stats by Net Applications</a>:</p>
<blockquote><p>“At the end of its third week of availability, Google Inc.’s Chrome accounted for 0.77% of the browsers that visited the 40,000 sites tracked by Net Applications, down from a 0.85% share the week before. “The trend line on Chrome still has a slight downward angle, and these weekly numbers reflect that,” said Vince Vizzaccaro, Net Applications’ executive vice president of marketing. Although Chrome popped above 1% within hours of its release, the new browser now reaches that mark only in the middle of the night, U.S. time, Vizzaccaro added.”</p></blockquote>
<p><a href="http://blog.statcounter.com/2008/09/chrome-latest-stats-globalusuk/">StatCounter’s latest Chrome stats of over 450M page views globally</a>, also indicate the introduction period and the slight decline afterwards. Chrome’s popularity is proportional with its level of exploitability, so keeping an eye on how many users stick with the (BETA) browser, will either increase or decrease it.</p>
<p><a href="http://blogs.zdnet.com/security/?p=1975" target="_blank">Source</a></p>
]]></content:encoded>
			<wfw:commentRss>http://eguru.info/2008/10/memory-exhaustion-dos-vulnerability-hits-google%e2%80%99s-chrome/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Trojan masquerades as iPhone game</title>
		<link>http://eguru.info/2008/09/trojan-masquerades-as-iphone-game/</link>
		<comments>http://eguru.info/2008/09/trojan-masquerades-as-iphone-game/#comments</comments>
		<pubDate>Fri, 19 Sep 2008 07:49:31 +0000</pubDate>
		<dc:creator>Prithvi Mandava</dc:creator>
				<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://eguru.info/?p=200</guid>
		<description><![CDATA[Security firm Sophos warned on Thursday that e-mails being circulated on the Web that purport to offer a free iPhone game instead are carrying a Trojan horse that can take control of infected Windows machines. The e-mails have subject lines like &#8220;Virtual iPhone games!&#8221; and &#8220;Apple: The most popular game!&#8221; The attachment is called &#8220;Penguin.Panic.zip,&#8221; &#8230; <p><a class="more-link" href="http://eguru.info/2008/09/trojan-masquerades-as-iphone-game/">Read more &#187;</a></p>]]></description>
			<content:encoded><![CDATA[<div class="postBody">
<p>Security firm Sophos warned on Thursday that e-mails being circulated on the Web that purport to offer a free iPhone game instead are carrying a Trojan horse that can take control of infected Windows machines.</p>
<p>The e-mails have subject lines like &#8220;Virtual iPhone games!&#8221; and &#8220;Apple: The most popular game!&#8221; The attachment is called &#8220;Penguin.Panic.zip,&#8221; which refers to the iPhone game of the same name.</p>
<p>The Trojan has been identified as <a href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojagenthny.html">Troj/Agent-HNY</a>, Sophos said.</p>
<p>Sophos has not yet seen versions that run on Mac OS X, the Apple iPhone, or other mobile devices.</p>
</div>
<div class="origPosted">Originally posted at <a class="origPostedBlog" href="http://news.cnet.com/8301-1009_3-10045647-83.html">News &#8211; Security</a></div>
<div class="origPosted"><a href="http://www.download.com/8301-2007_4-10045647-12.html?part=rss&amp;tag=feed&amp;subj=TheDailyDownload" target="_blank">Source</a></div>
]]></content:encoded>
			<wfw:commentRss>http://eguru.info/2008/09/trojan-masquerades-as-iphone-game/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Wireless hacking</title>
		<link>http://eguru.info/2008/09/wireless-hacking/</link>
		<comments>http://eguru.info/2008/09/wireless-hacking/#comments</comments>
		<pubDate>Fri, 19 Sep 2008 07:32:58 +0000</pubDate>
		<dc:creator>Prithvi Mandava</dc:creator>
				<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://eguru.info/?p=187</guid>
		<description><![CDATA[]]></description>
			<content:encoded><![CDATA[]]></content:encoded>
			<wfw:commentRss>http://eguru.info/2008/09/wireless-hacking/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

