Social Networking Security - Other Social Network Security Hazards
The password antipattern is by no means the only social networking security issue to have gathered attention recently. Both Facebook and MySpace users have recently been targeted with hidden virus attacks dressed up as video links and accompanied by messages that attempt to flatter the target into opening the link. The messages are faked to appear personal, but are in fact spam, and when users click the embedded link they are redirected to a virus-bearing host and shown a fake error message instructing them to download an updated version of Flash.
Clicking OK in fact downloads a variant of the Koobface worm, which in turn installs a proxy server, opens TCP port 9090, and hijacks search traffic intended for Google, Yahoo, MSN and live.com. The impression that the spam mail itself is genuine is reinforced by the fact that most of the infected messages are likely to come from infected friends.
Facebook has taken action to clean the system of the spammed links, but no matter how thoroughly this is done it can only be a matter of time before another, similar attack is instigated. Just as with the password antipattern, a large part of the difficulty results directly from the inherent trust that users have, both in the social networking sites themselves and, more particularly, in their friends, who increasingly use them as a primary means of staying connected.
This means that right now it is almost trivially simple to circulate spam and viruses by this method. It will take time for people to learn of the risks and avoid hazardous behavior, much as it did back in the late 90s when viruses first started to circulate in email.
The reality is that in the Web 2.0 world, not opening unexpected email attachments is no longer enough to keep you safe. You now need to avoid clicking on any unexpected hyperlink unless you are certain where it leads and that you trust it. It is also advisable to download all software updates from known and trusted sites. If you think you might need a Flash update, for example, don't use a third-party site but get it directly from Adobe.
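The advice above can be turned into a check that a download link really points at the vendor before an update is fetched. This is an added example, not part of the original article; the function names, the allowlist and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain trusted for Flash downloads.
TRUSTED_DOMAINS = ("adobe.com",)

def trusted_download(url, trusted=TRUSTED_DOMAINS):
    """Return True only if url is HTTPS and its host is a trusted domain
    or a subdomain of one."""
    # Backslashes, whitespace and control characters are parsed differently
    # by different clients, so refuse them outright.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # userinfo and port removed, lowercased
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Match on a label boundary: "adobe.com" or "*.adobe.com", never a
    # host that merely contains or ends with the string "adobe.com".
    return any(host == d or host.endswith("." + d) for d in trusted)

# Constructed sample links of the kind a fake "update Flash" prompt might use.
SAMPLES = [
    "https://get.adobe.com/flashplayer/",           # vendor subdomain
    "http://get.adobe.com/flashplayer/",            # right host, no TLS
    "https://adobe.com.updates.example/flash.exe",  # vendor name as a prefix
    "https://adobe.com@updates.example/flash.exe",  # vendor name as userinfo
    "https://updates.example/adobe.com/flash.exe",  # vendor name in the path
]

def check_samples():
    """Map each constructed sample URL to the verdict of trusted_download."""
    return {u: trusted_download(u) for u in SAMPLES}

if __name__ == "__main__":
    for url, ok in check_samples().items():
        print("ALLOW" if ok else "BLOCK", url)
```

Only the first sample is allowed; the others place the vendor's name somewhere in the link without the host actually belonging to the vendor's domain, or drop TLS.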
It is a source of disappointment and frustration to many people in the industry that security lessons which were learned the hard way in the past now appear to be all but forgotten again. The situation is symptomatic of an intense struggle that is being played out between the leading social networking sites, both to attract people in the first place and to keep them there once they have arrived.
The economic viability of such sites is ultimately dependent on advertising, which is, as always, a numbers game. In order to maximize their sign-up numbers, the current trend among social networks appears to be to prioritize interactivity and simplicity of use over respect for their members' security and privacy. And although security begins at home, meaning that the responsibility for privacy protection ultimately rests with each individual user of such sites, the sites nonetheless have a duty of respect to their users. Until this duty is recognized and social networks start to act accordingly, there is a strong likelihood that the attempts to compromise them will continue to intensify.