CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber Security Tip ST05-013 -- Guidelines for Publishing Information Online

From: US-CERT Security Tips <security-tips () us-cert gov>
Date: Thu, 12 Aug 2010 11:28:20 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                          Cyber Security Tip ST05-013
                  Guidelines for Publishing Information Online

   Remember that the internet is a public resource. Avoid putting anything
   online that you don't want the public to see or that you may want to
   retract.

Why is it important to remember that the internet is public?

   Because the internet is so accessible and contains a wealth of information,
   it has become a popular resource for communicating, for researching topics,
   and for finding information about people. It may seem less intimidating than
   actually  interacting  with  other  people because there is a sense of
   anonymity. However, you are not really anonymous when you are online, and it
   is just as easy for people to find information about you as it is for you to
   find information about them. Unfortunately, many people have become so
   familiar and comfortable with the internet that they may adopt practices
   that make them vulnerable. For example, although people are typically wary
   of sharing personal information with strangers they meet on the street, they
   may not hesitate to post that same information online. Once it is online, it
   can be accessed by a world of strangers, and you have no idea what they
   might do with that information.

What guidelines can you follow when publishing information on the internet?

     * View  the  internet  as  a  novel, not a diary - Make sure you are
       comfortable with anyone seeing the information you put online. Expect
       that people you have never met will find your page; even if you are
       keeping an online journal or blog, write it with the expectation that it
       is available for public consumption. Some sites may use passwords or
       other  security restrictions to protect the information, but these
       methods  are  not  usually used for most websites. If you want the
       information to be private or restricted to a small, select group of
       people, the internet is probably not the best forum.
     * Be careful what you advertise - In the past, it was difficult to find
       information about people other than their phone numbers or address. Now,
       an  increasing amount of personal information is available online,
       especially  because  people  are  creating personal web pages with
       information about themselves. When deciding how much information to
       reveal, realize that you are broadcasting it to the world. Supplying
       your email address may increase the amount of spam you receive (see
       Reducing  Spam for more information). Providing details about your
       hobbies, your job, your family and friends, and your past may give
       attackers enough information to perform a successful social engineering
       attack (see Avoiding Social Engineering and Phishing Attacks for more
       information).
     * Realize that you can't take it back - Once you publish something online,
       it is available to other people and to search engines. You can change or
       remove  information  after something has been published, but it is
       possible that someone has already seen the original version. Even if you
       try to remove the page(s) from the internet, someone may have saved a
       copy of the page or used excerpts in another source. Some search engines
       "cache" copies of web pages; these cached copies may be available after
       a web page has been deleted or altered. Some web browsers may also
       maintain a cache of the web pages a user has visited, so the original
       version may be stored in a temporary file on the user's computer. Think
       about these implications before publishing information—once something is
       out there, you can't guarantee that you can completely remove it.

   As a general practice, let your common sense guide your decisions about what
   to post online. Before you publish something on the internet, determine what
   value it provides and consider the implications of having the information
   available to the public. Identity theft is an increasing problem, and the
   more information an attacker can gather about you, the easier it is to
   pretend to be you. Behave online the way you would behave in your daily
   life, especially when it involves taking precautions to protect yourself.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle, Jason Rafail
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-013.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit

     http://www.us-cert.gov/cas/signup.html.










-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTGQSZz6pPKYJORa3AQIMLgf/fNv+pWmMHL8zyJ78/r7/s+EAU/BaPAvW
Z4oiDZllINdjIsJeH3w/lL2BwPp7QIackyZKvOSUos9tO8QyuibRA8DkkTJ2ASEL
V2ua+Cn8yKuZ47lFwxuWq70NIN9CBVOeipmMh4o/YkX5NbK2WttozJEfuyHHQKad
hwReECAEy7+8MVNBD5SMPsBej8hFFizc8yhw+5hTJaUav7ffipMacnnrRLWlhn7i
of8gijM0xvHnPruOjHUvtB9Gt+wtLQl6/ld+FOcB8fWldo07nRpmT4Arur04TpsA
DqrIIQL+bQdl8/rE1FBdhjt57f4ersGp0owKU3x0eukA+FnwWBbenQ==
=kHZV
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: