Dangers on the social networks
Social networks are a big thing on the Web, and for many people they are an important activity. Unfortunately, they have many security problems. Hackers have planted exploits on several social networks. However, an even bigger problem may be social engineering. People who use social networks are looking for friends and people they can trust. Alas, the world is full of unscrupulous people who capitalize on the desire of others to have a circle of friends. Writing at ZDNet, two security experts comment on the poor security of social networks. For example:
For those taking notes, here’s the simplest way to get arbitrary code execution in the browsers of millions of users (no exaggeration — the top SocNet applications on Facebook and MySpace have 21 million and 8 million users, respectively) suitable for BotNet propagation, phishing, pharming, click fraud, DoSing, a fully meshed global RickRolling spam farm, or some other purpose so nefarious we couldn’t imagine it ourselves, despite considerable effort and numerous demonic incantations.
Just ask for permission.
Specifically, go through the trivial process of signing up to be a SocNet App developer. On Facebook permission to publish an app means having five friends, on MySpace it means filling out an application form (ours claimed we were working on a messaging system using the “unbreakable ROT13 encryption algorithm”), and providing a few easily-forged bits of personal information. Signing up to develop apps on SocNets is a shockingly trivial process, and results in being given the keys to Dad’s car and the liquor cabinet to boot, as it were.

Social engineering weaknesses are actually a good thing. It puts the onus of security squarely upon the user’s shoulders, not on the developer’s. The Internet is a public bazaar of creativity. As such there are going to be all kinds of unscrupulous people using it for selfish gains. This includes parting people from their privacy, their data and ultimately their money.
ZDnet’s “security experts” rarely remind their readers that technology is a means to an end. Rather, they attack the foolish developers for putting out shoddy products and decry the monopolistic behavior of great producers. All the while they owe their very livelihood to that which they vilify.
Your article makes a good point; social networking can be taken advantage of. This is not a fault of the developers; it is the fault of the users who fall for such fraud.