The InformationWeek -- Blogs
Welcome Guest. | Log In| Register | Membership Benefits

Wolfe's Den Blog

Topics:   Wolfe's Den

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

Facebook Security Crisis Could Derail Social Nets


Posted by Alexander Wolfe, Nov 6, 2009 04:32 PM

There's a security problem on the horizon, which could derail the progress of social networking has made in breaking down the barriers between business and personal Internet usage. (Whether that's a good thing or not is a separate argument.) I'm speaking of the rising tide of fake Facebook messages, phishing threats, and malware.

And I didn't even mention the constant "friend-request" harassment from people you've never met. (Ba Dum Bum!)

Seriously, though, it's no wonder that many businesses are reluctant to allow employees to surf Facebook and LinkedIn at work. Probably these sites were blocked initially because of their time-wasting potential (and, in the case of YouTube, the unnecessary bandwidth usage). However, the security issues now running rampant on Facebook give enterprises a legitimate reason to demur.

Possibly LinkedIn sees fewer phishing attempts for the same reason that Apple's Mac OS is supposedly safer than Windows. As in, it's not necessarily more inherently impregnable, it's just that it presents a smaller target to bad actors.

Anecdotally, even the casual Facebook user knows what I'm talking about:

  • It's messages appearing to , asking you to click on a video, which turns outs to be a piece of malware.

  • It's phishing attempts which can suck your computer into a botnet.

  • It's fake "update your account" messages, which are also a phishing scam.

    And it’s stuff like this "Facebook Password Reset Confirmation. Customer Message." I received recently. (Those two periods add legitimacy to the subject line. Not.) It read:

    Hey alex,

    Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

    Thanks,
    Your Facebook.

    I flagged that email as bad quicker than a scalper makes a cop outside Yankee Stadium (to use a timely analogy). It wasn't just the "Hey" or lower-case "a" in Alex, which is not my Facebook name anyway. I thought the "Thanks, Your Facebook" at the close was a nice touch, though of course the proper response is, no, your Facebook.

    Seems to me that such security issues are more serious issue for social-networking sites than anyone has yet acknowledged. I believe the patina of friendly interaction, and the good-natured communication which Facebook inherently invites, has raised less of a reaction than if similar problems had occurred on a "regular" site.

    Think what Amazon would do if its customers were constantly being bombarded with attempts to steal their credit card numbers.

    Which is not to say that Facebook isn't working hard to stanch this stuff. It is. (Check out Facebook's blog as well as its developer wiki.)

    However, Facebook is fighting a battle which it appears ill-equipped to win. That's because the security problems facing Facebook aren't due to lapses by the site so much as their occur precisely because of its very nature. So, if you corrected the problem by locking down Facebook, it wouldn't be Facebook.

    Because, hey, if you can't trust your friends, who can you trust?


    Follow me on Twitter: (@awolfe58)

    What's your take? Let me know, by leaving a comment below or e-mailing me directly at alex@alexwolfe.net.

    Like this blog? Subscribe to its RSS feed: (here)

     My videos on ( YouTube)

     Facebook 

      LinkedIn

    Alex Wolfe is editor-in-chief of InformationWeek.com.

    « Is Ignorance A Synonym For Trust? | Main | What's The Definition Of Cloud Computing? »



    • Sign Up Now
    For InformationWeek News Alerts




    This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

    Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

    Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


     
     

    1. Here's to the First Responders!
    2. HPC Joins the Dummy Revolution?
    3. Detecting Scalability Problems With Intel Parallel Universe Portal
    Join The InformationWeek Group On LinkedIn


                               


    1. Samsung Redefines Vaporware: 'Bada'
    2. HTC Droid Eris To Get Android 2.0 Update
    3. Verizon Wireless Starts Updating The Motorola Droid
    4. Windows 7 Upgrades Drop Ball On Data Migration

    1. LCD Maker Pleads Guilty In Price Fixing Scheme
    2. Google Search Appliance Now Finds Tweets
    3. Skyfire Updates Mobile Browser
    4. Chopra, Kundra Urge Efficiency Role For Government IT
    5. IBM Launches Cloud Computing Lab
    6. WiGig Completes Wireless Specification

     
      Ars Technica
    Boing Boing
    Channel 9 Forums
    CRN Blogs
    Dr.Dobb's Portal: Blogs
    Engadget
    Gizmodo
    GrokLaw     		  Lifehacker
    Schneier on Security
    Slashdot
    TechCrunch
    Techdirt
    Techmeme
    Valleywag
      DECEMBER 2008
    NOVEMBER 2008
    OCTOBER 2008
    SEPTEMBER 2008
    AUGUST 2008
    JULY 2008
    JUNE 2008
    MAY 2008     		  APRIL 2008
    MARCH 2008
    FEBRUARY 2008
    JANUARY 2008
    DECEMBER 2007
    NOVEMBER 2007
    OCTOBER 2007
    SEPTEMBER 2007