
Schwartz On Security: Click 'Dislike' For Facebook Safety

Social networks allow for friends, but what about your enemies, as in the myriad viruses and worms out to fry your account and personal financial information?

Are social networks so addictive that people will never heed the privacy and security warnings -- clickjacking attacks and lack of SSL-encrypted pages -- associated with using them?

The fictionalized Facebook origin movie The Social Network shows the website beginning as a way for people to keep tabs on what their friends are doing. Later, Facebook added features to see what your friends liked, including websites and applications. Sounds innocent enough. But in the real world, do friends accidentally infect you with viruses and worms, steal your money, get you turned into a zombie or exploited by botnet herders and their mules?

The "friends" metaphor quickly breaks down. But on social networks, you only have friends. Why not enemies? According to data security firm Imperva, "if you ask users who contemplate installing a Facebook application, their measure of trust is often the number of other users who have already signed up for the application. Clearly, anyone with an army of drone accounts can easily influence such decisions."

In other words, your friends, or your friends' friends, may be fake, and this poses a security risk, both for consumers and for business data. But is the business world paying attention?

According to Gartner Group analyst John Pescatore, there's little enterprise alarm over social networking security, or a lack thereof. At a recent Gartner conference, for example, he was peppered with questions about securing smartphones or the public cloud for enterprise use, but nary a query over securing the social network -- despite the recent box-office success of The Social Network.

When it comes to social networks' security model, he's also not impressed. "Facebook and MySpace apps continue to send user data flying out the door. No surprise, really -- advertising-supported IT exists to supply advertisers with detailed user information," he said.

That could explain the lack of alarm on Facebook's security page. Rather than warning users about active exploits -- or leaving a digital paper trail pertaining to attacks that have been affecting Facebook users -- it settles for bland admonishments about how to stay secure and offers Facebook's thinking behind its latest security and privacy tweaks.
