Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Security on Social Networks Takes Efforts by All Sides



 By: Brian Prince
2008-12-17
Article Rating:starstarstarstarstar / 10


There are 1 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The popularity of social networking sites such as Facebook, LinkedIn and MySpace means they will increasingly become a target for attackers. Securing them takes a combination of efforts by users, enterprises and the social networks themselves.

When reports surfaced this month that a new variant of the Koobface worm was slithering its way across Facebook, it became another entry into the book of malware targeting social networking sites.

Security vendors expect more of the same in 2009, with attackers adding a touch of social engineering to infect users of sites such as MySpace and Facebook. For enterprises, users and even the social networking sites themselves, it may be time to take a firmer stance on security.

The best advice for users is to avoid promiscuous friending, advised Mary Landesman, senior security researcher at ScanSafe. Theres a real trend among members of social networking sites to friend as many folks as possible, even if they dont actually know them. This virtual popularity contest provides ripe opportunities for would-be attackers, who simply have to send some friend requests, get them accepted (and) then manually start the worms initial spread.

This was borne out at the Black Hat conference in Las Vegas earlier this year when security researchers Nathan Hamiel and Shawn Moyer created a phony LinkedIn page and were able to convince more than 50 people to join them as connections in a single day.

Resource Library:

The very nature of social networking sites, which people join purposely to share information, makes such ploys easy. Still, applying well-known best practices for Web surfing can make a difference.

Regardless of whether you know - or think you know - the sender, never click on links received unexpectedly, Landesman continued. And if you do click a link that then requests you install something, do not install it. If you have reason to believe a legitimate update is required, visit that vendors Web site directly and update from there.

Enterprises have a choice to make do they allow social networking sites, which can be either an important part of doing business or a potential distraction for employees, or prohibit them. Paul Roberts, an analyst with The 451 Group, said an enterprises approach to social networking depends on a number of factors, from the nature of the business to which employees are using the sites.

I think that increasingly companies are going to consider what you do online, on these social networking sites, to be their purview, particularly if there is a clear connection (on the site) between you and the company, he said.

For those businesses that decide to allow social networking sites in the workplace, it is important to set clear standards for use. Policies can go from general to granular, covering everything from privacy settings on user accounts to what business-related material can be posted.

The user interaction on social networking sites can be a double-edged sword from a security perspective, and several security researchers said social networks should scan content uploaded by users prior to making it available to the world on their servers.

Content scanning for malware prior to publication will significantly help to minimize such malware distribution method that is becoming popular on these sites worldwide, opined Yuval Ben-Itzhak, CTO of Finjan.

One of the inherent security issues for sites such as Facebook and MySpace is the presence of third-party applications. If developers arent creating secure code, or worse yet, are intentionally building malicious applications, users could be at risk. To help address this, Facebook requires developers agree to comply with technical and policy guidelines banning malicious activity before they can build on the site's platforms.

To bolster its defenses, Facebook uses automated systems to perform statistical anomaly analysis of the activity on the site. Facebook also monitors user reports of suspicious messages or other activity to flag issues for investigation. If the automated system finds activity that looks out of place, it may block suspicious content or flag it for the companys security team.

In some cases, the bad URLs will use a good domain to hide their activity - tinyURL, for example," said Barry Schnitt, senior manager of corporate communications at Facebook. "In those cases or if the content is suspicious but not confirmed to be malicious, we'll require users to solve a CAPTCHA before posting these URLs.

We'll then run two scripts across Facebook, he continued. The first will force logouts of infected accounts, reset passwords and send e-mails to the users notifying them and providing information to resolve problem. The second script will do a bulk delete of the content that is intended to infect other users.

Managing security is to some extent an arms race," Schnitt noted, "and were committed to continuing to invest in technical, investigative and user support resources to stay ahead of the threats."





  Reader Comments: Security on Social Networks Takes Efforts By All Sides
>>> Post your comment now!
There is a far better way to bring the power of social networking into...
I understand why a business may want to have presence on a Facebook or MySpace so that it can create a place in the virtual communities that these...
Posted At: 12-23-08
By: len.rosen@sympatico.ca
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks۸qf89Ei;RJX'c)Ij IS$IΟ_n߸҃xƩ6Fh4~ 'I"gf;̢dw5靿K$mwL9P[ Ϡ^=WZj:@a5NzpDd>J`OS;S  5Ǔ6ޙ1=+SmL}F6\3meb ^Qk$Ё_ ܢ%yRpERB@Te$oQX}؁䛿Q=2tS6B X^P~FD;5~{N5~y>Ӏ`V黖6? CoAUVekV}lvi!rs!gsͻH͠匝8Gd jI:`iT11܉Hч@XSTPԢfFԴ;gj5[gc=ױ}ǣ!&$ftjv?ĭ?(QI&7q_)'F^_3'C8:) ۱"˭#Uֶe5^~3mgE5GlR"ۄؼ?0$ꎧc"9ˁ,kFpfto6 dݺ9Try_ j_(+www;6;2ٽq3} EU E2Gq7Z}m99xMS>LyEs3^0wND߀"QYTi|/LZ@ WP= uΑjzQҏZN-ZKEKPOR ])N,RGb9괏-Ҿ路.:6鷏O:$IJ1<jUU*H j vBoMEIs^Iڟ;g:Rڟl3HoklxiuHZz>540V+KJ=OqeLxY$Y.r":ퟟCf&J ͒EL_;X_KG)H7#ǚMmdʱ(|ǺrN~}E'}6kiB5f!`J̼玁R$9Vϡȟ恒4R\ 9lbsvfyP&,|YB* b$rݠQ3>L˅B""xV3 E94>BzBp4:NRm)5ٴ>l;4d}t>჆(>hhƋMriOLrӇtu4A;ͣn]='tfo7,Abχ@a`Ns>Dm|&6l d (4o)sɹsP&&zrWt#P{DE}vC̀Y' 6)@}>\lmV3-mhZ`1 5f:%ޥ6 q0y z[ dQJ$@!"-i]NP@Ar68 -8,rr4|?#!b\JZ2(7ݞH:s@)%scMX.QY,p[/ Pf%)5{~u}bB+|#'"Xr`Y \h+|h)lb 6؛RPU+5tHބhd&,a8Bdp=A&1C K,[t t?;\ g7!v<9-%st0h3VhL( ./| `0'햮S- ݜ6,'>!͵B3j G議C=1щf*3a2TMk<͝tmļRF_@ka\(*Jyclq,YUȱ,.36ɚ='a0Juѫɹi3M~N!VPU*@1"^9O5/V cG/OQB# !W4q`*1Z3l%3u&Z0Xz||pE% U<) Qܥ&3aS'm4`Hiܸ/|P"X588 y }@" L0:KJ+b,8 Utn) FvjIMy-"`/?Œ,CgP{Í{c?4^ej,{LR֊Z5F0:Ԋ%ZW@ϸoGO] h/OPk;q_S}`1gKa@)g-!ڜ'XYf-10kYu/ ,9 i~>EV:6őG@֝ kUQlk:pn`{y@L=F&: `BE Ms8- z@zzNԴG0Lf?6q~i@"Osz0b_aY[ ȟR׊ ~i::joR68F2( Cs]QB-Pl O5ck+4C |3MdhH[_Ȏ/ͯ6> 37}&mnf{my7upl93#ONP͕GX Qd+Ji ׸@Aūkm#}2镍0: M ,v]Qrb-#2R*?.=);+6gP֛]7@MϦ6蓇_/@ͮ 2 \+ r7u`ueeyfD]lУA$v)`\EpXH[m%c> P5uW\T`qEj9~)HÞ1|M}Yy^46(S O# ʌQߐ@ZhrGX ] ?km{ST3 f;l_2|1SeVvӼK;RZ/w ?3paS,ԔʡRO @#|rǞfP X#W:ZiL$cﱖe2 ZMbZ*BB'aC.Jp]FmEmP…3S`Okps!sp:'S 6PFz*EPaۤAf<^ΐۍuק~ 6eFZ˴X݂ā3o?f/$ڎVŵ]2eH$U g YHԚkEI= O}1Q-ˤӧG׆!g3." WP)߱q1:ɹT)j l[-W+wB!aq]C0 HRW{D( ,E~w9ـo9 |R)TU ePNxp| S nh*6%wXOdK!MWF@"'! *73,`މjbU\1мݽ]Z+=LL_BP` &w,OOt@~5}qy V̶I\zgQW u?= Em՞t/IsWu_ewuṖpڏﵲ{R-}*u.Z!WO-sY^ٷAP K1RCbwmɾW2zZ^6[銿F>;k k'ryCB|I{ֽY-%{w/[OjKͳ·烬F!zͫfS L k3d8)@hdqH=^p@ҽj8`B0c5I'Bp EEy0a{6xy~ï-,$"0. I5:=. Bp(`$X*XU2]5D2sYt6^S PW"REH%IAFZU^f}3bt4zQt":_aKᷔo%?ů1KwxAh[(ktNz4&,\1[INju>!g4r㿜Y߇$M 0xc|.A-H7ܾJ> 0QJh"g8E;)~ڰ{+ /=;PHuk=H\(lOܢM]kĖS9\)L iux>Ƞ3%dBU]e>x?IАݚc-p溟9!M_:ݷza'3 ]sݿwI]iNwl'-HUzyfP>?J$c: I"I^QԼڭUdE)I=ۉN?S~`q@+<#&j%3 K^xΠt4u遧7{ }!F.u06.s!T!7?k_eܰwߵ= =z» .+-R!EkE7_U TOWg"E:'%:#ڬ/ۥ{?vVȿ5LĬhgdO1\j[Ѽci2> ACVorlK9Grs&cx2'Feuw#c“gD`GHA5}}g6A jm8gntpUE0p1-'8\y1߈:6"Y1!QfM!XP|;ߌ93{C8Wj R*2Kp1)%ŷ`PBHpNM{fr+ ~=nɸE%͖xLL._&p65xfW،̳dkQW Lt/rױW,]m prKzڈzX6K(xsa!6 A~;)q6u-gN)'97O𼊫&pG<B 7aI> g늎g8كc!@R76֕s;Y"swQȿ71# jwwwG -l`2ƗѶR7^;3 0؄QTj9dvD1']9=(}'IhyL'J~D/n!K+렳d'&O;,'YM4qgh׆.[8=zgQM?'IUld _p3(u]1%Y;2ϸHZ,IlvimR{?A$lr &qSm\+*8YpƐ τo_: K 前yvy^Tb)b7s42z| 1}0˚E``]{',W\@hrbr_~vuOx9:3M7 J5ŐRO Ʀ@/xSRy] J)JQy#P?bPP1T9 L~vY]x ͙Kndt 5|P4sxN4F:_;Pj8(Veb#07=_> A$aHXVxf9aQ-dr+i=ύsC\`wUn IQ$emb#Q6& LfI>7m90WgH S%>}Udy| k PLJWA/EAK/$M&Cw$L8=<<[jY u{RX]*@W+ħ&aCx# "oʫ"DÖColW%ɪl4,Tm{Zb'`tƎk901*V-vVJ9l"`$Ml"`uȹDR'w'JUٔ(F,AS*af 059!}%|z?ڰZ\ +v}x7@0hϳ AyODتKsQz_}C,*30 .8SvP(c͒0T)L} t,)Eh>  ~4 $4#)V_%I{L&Lys |3) ,vF0L\,TJ D=Kb%!]1r9~e:i X\4#(Y* Jy[ `ۑ;;;;|?z]t >mbmːJWt xZ"/Ղv滬/ sXF>>p,f٢ƘFa{&5 ԆtFฃI|1Bk>n!\Q-=C%lʌ`0Is/v@ }=Z 7$g@#/9Dacf5P?G#aRRR04Eq69DC$܋k^ސ=P| zfY u??%1-%0/f[Dt1CiϏ2/Ǽ!a_*!ēz3%v'?81̓!i8GݐϷ/zF-Xi< )-u凜z9A jscB1RZU } "2 "?nc=z0x^\&݂πِvk}lB{ԄG}S[Vp0Ɲݕ-9DID bE1Y( 5:gIo3nnnn~fYNo,#6i;jԐ".YP= =f? 8B%o—߯W~76BMFؤַ&C>nD'3K -iЮeXCZP *@Cن"hfzIЯ`['bdڵx:X䲐Uk =#QXog2]H_ClIooBA7| OQRXCnt`[C"m(Ma|khqnk-'OwmyuZdaLRp-L%HdIKHmqe-_X 3/I'N35v65IQce{1 {N-!h %%?=p_~S\,O5!p I!_ GonLd\koz(T/)f y;&nCSk3Ù.ͤuCl0I#qۀձ6ՙxQ|i ȪVƑ=coRȷY,!"ffGbr,Q˼Dճ=W/!4S2Ěa+Iiqnr 5V)c2 Jf:L͔h` n2$O1,'j 1:.417(jJ5?}rg闺QԑG}o#ɗy0X '+>i`z )Zbp6]?r EcC|˜hO5sf/߄ 6eNyFʼn߱yx~WSk{t[o\kE_A-δhgϡ6 ?xKhF!i3Opl R\zą^XPAft~D)F"{~D)8E[Lotp)¾.SSL=Gv;T's:^;U駠TC?AoËH~uXV0. /e7H'w<8KvךQ|l:nҪJm<$/~Ez GRCVB(,V F]S8hXLIe~5>8~܉#,p R8a<슾䄲e, *1we1i}(fiB4:wĨWOn"9wHpHVTkm+#,F` "V+Z"'"7"wyaw`<ĒAu9^,4o&vf- =8ll/vx`HkcΩj\#-<^Yr Znb\1a-*B UNz yԥBMEWChRfxq-F5֠)x9mfӚbfă ZOka`;Xicj=!vC` /_L }+n'-浻3x"(fU'J"wn04f>Th 7pKm$:ƒZu➹IA/,Qu$ζy)eTUR#ok5g`TX,|<7fPxxX bkOOvCyT |}.[o?V5F]K>Q(]LGibW|oe%F¯q{u >d9ә`/0۱p pM[.{5YMh<#Ծ5=F #G^m.9F.F{aް.&Yq(oks!=څ]`a]5bxɩfkt!˽R 53?b)m:,=+sYe?x#jO5F)+Š,bZ3ZIphu!L.>_%ʘ}AXc }(G #n$JYVmIr.kh>atyORܫVw>2<}WW|-kR^Z[#:+>FSC.oJuOQoIgo78}xxm@1"s?"I# X$Z `Oi$~b ɳ"vFf.BT0 R!`v#CsF.׽v߾ꡇU C{P^H{/ui9a00L̄89 ?/~d+2Ĥ5 [zq٥O=C^!&W6)sSx-r)G}8޾xu+ƈ\dÐ3{VŰDԤ c 4Q?cMNVE< ,i Ps6@א0H`lgp 0GU@Dc^ôuk4bwt]? ˴xrk/:G>w;Zj !j$.gGi>'߀1R P"08<ȯ&ZP"@H>Q|??'~e KHB}s 9XLi0qsXc- .E.ӻq{&+[!50 0YK7`C'[BaOLg>򽉡{:ς؝ s)aR;\gޕa)豢y ߺcoSW4Yݬ(f/c]iBR, ?$5GF쌆=xɺk{$ڟh`:g_I4UMzzW~{Agk>gʯʁ~3ڿh:N273y S.rqA/ ȋOY射8(߇ yV)@yJ͠ ,c/3\) Kܿw2~62Av.BX\Jzp+Wg^i5viAư۸/6^a/  ^敽IZ= xW4<< X)rnmxPxZLԸrGpoQV"#<@o>4{zY~8=A}ž^Elpfٴ^d,mq4 9uYu8 % ~xY&ƀY8'w)NBhع+jZ|jpO4psn ~1-H$ΆR% J\ܑNx_GDd= ̈JA.$`rXR/ QPफ़h[iRoh yVi8an%[z?"z%~@M6^_,mBfPռD<'u~m

½pl Afz5sʹ YL\Qg >G?,x`ZfL~.Ω'1e4 A:༓H_`81/D亂mK=aL{vrnw]@p79}0BDa0gTbgHAأ$集7nԿsg`w}91r&\ktEEאE$&J!ZsJD!馃D֣#4!r "s k!׶RA%#>;ql>;Kso_|m/ [yYR(K)#~rfY{6DOj fiyU (p6d+m?'6}J5+H"@"xĴ5[Pŗ-;wnS)fGVFp)hN<}W1=ڢ uK ğ?X \cwHV(:bzUu Ыr!|x@ooMK/1ee|nHHUƧf2{;:з 57d([| Ӽ9ނ4(NAERb0%yMvSFc ?dtE#bSp!@>PE֧2R8WD Q)۱YBAł?Vg;&0lB e ȑ(dyJ͜ċOW<2oJP'jdV(̝ -ӟ~H׶QĶ`:Vږ*zYD1e~}=3Ӳg(qo",@zPތpP!TyX^c 0,*0%9-E6<]܈x~;ͺg fkOTx.X=lۉR#nȹ-` jk7EmYtAt,SsϢy9v93E~㡲_+eV~LʩcaPֽk xٚջU$b.I|Ԃ!gnh]1fnBM .&DW6K54Ƙb޻Yy&L 92lv* X>!ˣŬ"&D0Ȯ'R:tsh;h[3T*Ha$:R3 +Ej z.t1\04NyqBaʩȩ(v}_\%hw2b5Š biS