Saturday, March 27, 2010

You and Social networks

Do you spend more and more time these days on one or more social networking sites like Facebook, Buzz and Twitter? Yep most of us are. But most of us don't think of the hackers, crackers, identity thieves, phishers, cyberstalkers whatever you call them also out there and have turned their attention to the big social sites. The threats are also getting increased in different faces. But most of us don't give much thought to how to defend themselves.

Most of the popular social networks like Facebook and Twitter etc. have been become attractive targets (honey pots) as the huge number of potential victims and the numbers are increasing exponentially. For Facebook it's around 400 million and I don't know exact figures for twitter.:)

Normally in each week we here at least one major attack against big social media sites. like New Twitter Phishing Attack: “You’re On Here?” [WARNING] or like Latest Facebook Scam: Phishers Hit Up "Friends" for Cash.

The main issue here is unknown parities are potential of getting direct access to your personal or sensitive information stored in your computer. They do not need to physically access to your information as these social networks are run on distributed machines.
Let's take an example from a particular social network. Some third party Facebook applications pull out private information to work correctly. These apps even can pull out your friend's info as well. So the potential victim is not only you but your friends as well. Most of those applications are like photo of the day, or some statements, jokes etc. First it asks for some thing like this.

If you allow it, then the risk is all on yours. I do not want you to get the wrong idea, Facebook applications for the most part are safe. Just like anything else on the Internet they can be exploited so it pays to be careful.

If a person that has evil intentions makes a Facebook app, they can now target all of the people who have allowed the application in their Facebook ecosystem and target them for identity theft. As those applications run different from the Facebook main servers, it's nearly impossible to validate the logic of the third party application. So the hackers may use the existing security wholes in the Facebook developer platform and attack the users. As well those social media sites also try to cover those security wholes as much as possible.

I feel user's common sense and the correct attitude towards the social networks are essential as well the technology can help to mitigate the potential risk.

Here are few tips any one can follow
  • Secure your passwords
  • Don't click here and there - The short URLs like "" which forward you to a page when you click. Problem is, there's no way to tell where those short URLs really lead without clicking on them.
  • Use a up-to-date browser
  • Read and judge the messages carefully - Sometimes the the site it-self provide some messages if there are potential threats to the user. But if the user does not read the message carefully the risk is all on the user.

No comments: