The Ten Most Dangerous Things Users Do Online

adding a few things:

1) clicking on ad banners that pop-out of no where
2) downloading mouse pointers, screensavers, free antivirus programs (would like to add not all free antivirus software are malicious)
3) shopping from untrustable websites
4) Providing email address on random websites to view their content or download something
5) Filling up too much personal information on Social Networking websites. With so many scams and date thefts taking place, your data is never actually safe with any such website. So please be careful about this

Participating in chat rooms or social networking sites

How this can be dangerous? Unless you are giving your passwords or other confidential information away.

Participating in chat rooms or social networking sites

How this can be dangerous? Unless you are giving your passwords or other confidential information away.

It appears you didn't read the article that the comment was excerpted from, which was in the original topic, and is explained.

http://www.darkreading.com/security/application-security/208808175/the-10-most-dangerous-things-users-do-online.html

10. Participating in chat rooms or social networking sites



The very same parents who frantically try to keep their kids off of MySpace are now flocking to business social networking sites like LinkedIn, either from home or at the office. They join a colleague's "network" on LinkedIn, post messages, and maintain their own presence on the site. That's much safer than MySpace, because it's just like a professional organization, right?

Wrong. Social networking sites are a social engineer's dream come true.

"The biggest security challenges businesses face with business social networking like LinkedIn is the sheer amount of information that a social engineer can learn by doing simple searches," says Matasano Security's Goldsmith. "Attackers can find out who your business partners, vendors, and clients are simply by viewing your shared connections."

There's simply no way for LinkedIn and other sites to validate a member's employment record, so an attacker can claim to work at Matasano and find out which current and past employees are on the site. "Services like LinkedIn try to guard sensitive employment information by restricting it to colleagues --- you have to have worked with Dave Goldsmith before to be able to click on him and see his work history, or have him come up in a search for 'Matasano,'" says Matasano's Ptacek. "But anyone can sign up to LinkedIn and claim to have worked for Matasano."

Users can also inadvertently leak sensitive company data in a message board post with a buddy, for instance. It may reach eyes for which it wasn't intended, or they may not realize that chatting about what they're doing at work today may lead to a corporate data breach. "It's different than having drinks with a buddy after work," says SecureWorks' Peck.

Aside from a chatty user, a browser can also be a weak link. "ActiveX controls and their browser can be used by an attacker to get into the corporate network," Peck says. "There are a lot of Web app vulnerabilities we've seen."

Even if you have a "closed circle," that doesn't mean you don't touch the outside world. Just clicking onto the site of a buddy's buddy can get you into security trouble. "Every subpage you go to in LinkedIn or MySpace is like going to a whole different Website," Peck says. "It's most risky when you're going to the sites of people you don't know."

Aside from the social engineering threat, there's also the very real threat of getting infected with XSS, keyloggers, worms, and spyware (just ask MySpace users). "There's going to be vulnerabilities in the software," Peck says.

If an enterprise allows access to social networking sites, it must ensure that users are wary of who they're communicating with and what type of sensitive information they may be exposing. The bad news is you may not know until it's too late.

"You should assume that anything you post to a social networking site is public," says Matasano's Ptacek.

There are two words - Internet and Privacy - which just don't go together. Well, I just assume that everything I do online is public but hope my security system will keep malware out of my computer.

Thanks to bc the top 10 list here is excellent. However, it is very easy to make mistakes. I notice that advertising on websites is becoming more aggressive and designed to capture the unwary. So, think before you click! Also be careful about swiping the mouse cursor across the screen incase it lands on something you don't want to activate.

I can appreciate how social networking works for many people. OK so I am not interested in them but Google keeps asking me to 'invite xxx' to their g-mail Circles. When I set up a g-mail account I thought I was setting up another e-mail account, plain and simple. Stupid mistake.

This is quite a list I'm ashamed to know that I've done at least 5 of them D:

Just to digress slightly, when I bought a PC several years ago I found that the store who'd built it for me had plastered my name all over it, such as "Mr X's Documents", "Mr X Owner", "Mr X's Pictures" blah blah.

I raised hell with them on security grounds and managed to delete my name from some areas but not from others, so the moral is-  tell whoever's building a computer for you NOT to put your name anywhere on the system.

Here is a story from last year. We may not be safe anywhere:

 

Unprotected Sects.

 

When it comes to computer viruses, you’re now more likely to catch one visiting a church website than surfing for porn.

What social networkinf sites are you referring to and why?

Question was asked and answered in reply #108: http://www.bleepingcomputer.com/forums/t/69440/the-ten-most-dangerous-things-users-do-online/page-8#entry2885170

Thanks for this good information.