The (In)security of Social Networking Sites

With the advent of Web 2.0, social networking sites with all their wonderful interactive capabilities have become extremely popular.  MySpace, Facebook, LinkedIn and others have enjoyed great popularity as they offer unique opportunities for collaboration and information sharing.  However, with this new technology comes fresh security concerns.  Below I will outline some of the more common security issues associated with social networking sites.

Social Engineering

By their very nature social networking sites encourage its users to post personal information about themselves such as home town, place of employment, birth date and more.  However, this information can be used by criminals to commit fraud or identity theft.  For example, it is not difficult to search a variety of social networks to obtain enough personal information on individuals to open a financial account in their name.  Gunter Ollman wrote an excellent article outlining how to perform this type of social network hack.  The lesson here is to limit the amount of information you share about yourself and who you network with.

Malicious Content

Many social networking sites, MySpace in particular, allow users control over the content they provide on their pages.  This includes the ability to add banners, links, and other web content.  This provides the ability for the creators of those pages to embed malicious software or links to malicious sites on their pages.  A recent study by Sophos found that the number one host for malware on the Internet is the highly popular blogging site Blogspot.  This is indicative of the opportunities created for hackers by web sites that allow its users the ability to post their own content.

Worms

Recently, Facebook has been battling a new worm that infects users of the popular web site.  The worm, called Koobface, spreads when a user logs into his or her Facebook account and sends messages to their Facebook friends with links to malicious web sites.  When the friend clicks on the link they are asked to install an application to view a supposed video.  Of course this application is a trojan which allows the worm to continue to spread.  A similar worm is also affecting MySpace users.  These are not the first worms to target social networking sites as this has been an ongoing problem for several years.  In all likelihood worms will become a bigger problem as these sites grow in popularity.

Social networking sites can be useful tools for collaboration, keeping in touch, making new friends and growing your network of business associates.  However, these sites are not without risks and should be used carefully to avoid becoming a victim of fraud and/or an attack on your computer.

Comments are closed.