The Free Press, Mankato, MN

Local News

April 4, 2010

Staying safe on Twitter, Facebook

Familiarity breeds skepticism for computer expert

MANKATO — Christophe Veltsos is an expert on computers and networks, but he’s far more paranoid using them than most of the novices among us. Sort of like a NASCAR driver putzing around in the slow lane like a stereotypical old lady.

The Minnesota State University assistant professor has a separate computer to check his bank account. Uses a special program to quarantine and open suspicious links. Has a thin plastic film he puts on his laptop that makes the screen appear darkened when viewed from the side to maintain his privacy.

And he is dumbfounded by all the information people put on social networking sites like Facebook and Twitter.

“You shouldn’t put anything on there you wouldn’t want the whole world to know,” he says, and that includes someone who knows a clever way to rip you off.

Maybe he’s just paranoid, or maybe he knows something we don’t.

Veltsos has a Ph.D. and teaches networking and software development classes at MSU, took a one-year sabbatical in information assurance in 2005 at Iowa State and has several ongoing certifications to keep updated in his field.

When Sarah Palin’s Yahoo e-mail account was broken into in 2008, it wasn’t done by a sophisticated hacker. Someone merely searched for information that’s out there for many of us — her zip code and date of birth — and answered a security question with a guess that she met her future husband in high school.

Likewise, hackers don’t have to be software geniuses to break into your account. They just need you to share information about yourself.

Veltsos has the most Twitter “followers” in Mankato (as reported by twitterholic.com), with more than 1,800 people receiving his short “tweets” under the moniker @DrInfoSec.

You don’t have to go to Veltsos’ security extremes to be safe.

His biggest piece of Twitter advice is not to use the same password for Twitter as you do for your bank. Someone with access to your account could send you a virus that, once opened, gives them control of your computer.

In addition, posting on Twitter when you’re going to be away from home can be exploited by someone who wants to burglarize your house, Veltsos said. Twitter allows users to automatically assign a location to where the tweet was sent.

Online criminals also use social networks as a sort of reconnaissance, to scope out people who might be vulnerable to some other electronic attack or trickery.

And even if you make your “tweets” private so they can only be seen by people you choose, they become public if someone without those privacy settings re-broadcasts them on their account.

Passwords are critical.

Veltsos uses three “rings” of security for passwords, with the lowest for incidental sites and the most complicated for banking and investment sites. Don’t use your dog’s name or your kid’s name or your date of birth. In fact, don’t put your birthday online at all because it’s a key piece of evidence for identity thieves.

Veltsos hasn’t retreated from networks just because many are so unsafe.

Instead, he encourages his students to design software with safety in mind, even though it means keeping up with the cat-and-mouse game that is information security.

Text Only | Photo Reprints
Local News