Government // Mobile & Wireless
Commentary
11/17/2010
01:55 PM
Connect Directly
RSS
E-Mail
50%
50%

Schwartz On Security: Click 'Dislike' For Facebook Safety

Social networks allow for friends, but what about your enemies, as in the myriad viruses and worms out to fry your account and personal financial information?

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions

Are social networks so addictive that people will never heed the privacy and security warnings -- clickjacking attacks and lack of SSL-encrypted pages -- associated with using them?

The fictionalized Facebook origin movie The Social Network shows the website beginning as a way for people to keep tabs on what their friends are doing. Later, Facebook added features to see what your friends liked, including websites and applications. Sounds innocent enough. But in the real world, do friends accidentally infect you with viruses and worms, steal your money, get you turned into a zombie or exploited by botnet herders and their mules?

The "friends" metaphor quickly breaks down. But on social networks, you only have friends. Why not enemies? According to data security firm Imperva, "if you ask users who contemplate installing a Facebook application, their measure of trust is often the number of other users who have already signed up for the application. Clearly, anyone with an army of drone accounts can easily influence such decisions."

In other words, your friends, or your friends' friends, may be fake, and this poses a security risk, both for consumers as well as business data. But is the business world paying attention?

According to Gartner Group analyst John Pescatore, there's little enterprise alarm over social networking security, or a lack thereof. At a recent Gartner conference, for example, he was peppered with questions about securing smartphones or the public cloud for enterprise use, but nary a query over securing the social network -- despite the recent box-office success of The Social Network.

When it comes to social networks' security model, he's also not impressed. "Facebook and MySpace apps continue to send user data flying out the door. No surprise, really -- advertising-supported IT exists to supply advertisers with detailed user information," he said.

That could explain the lack of alarm on Facebook's security page. Rather than warning users about active exploits -- or leaving a digital paper trail pertaining to attacks that have been affecting Facebook users -- it settles for bland admonishments about how to stay secure and offers Facebook's thinking behind its latest security and privacy tweaks.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.