Schwartz On Security: Click 'Dislike' For Facebook Safety - InformationWeek
Government // Mobile & Wireless
01:55 PM

Schwartz On Security: Click 'Dislike' For Facebook Safety

Social networks allow for friends, but what about your enemies, as in the myriad viruses and worms out to fry your account and personal financial information?

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions

Are social networks so addictive that people will never heed the privacy and security warnings -- clickjacking attacks and lack of SSL-encrypted pages -- associated with using them?

The fictionalized Facebook origin movie The Social Network shows the website beginning as a way for people to keep tabs on what their friends are doing. Later, Facebook added features to see what your friends liked, including websites and applications. Sounds innocent enough. But in the real world, do friends accidentally infect you with viruses and worms, steal your money, get you turned into a zombie or exploited by botnet herders and their mules?

The "friends" metaphor quickly breaks down. But on social networks, you only have friends. Why not enemies? According to data security firm Imperva, "if you ask users who contemplate installing a Facebook application, their measure of trust is often the number of other users who have already signed up for the application. Clearly, anyone with an army of drone accounts can easily influence such decisions."

In other words, your friends, or your friends' friends, may be fake, and this poses a security risk, both for consumers as well as business data. But is the business world paying attention?

According to Gartner Group analyst John Pescatore, there's little enterprise alarm over social networking security, or a lack thereof. At a recent Gartner conference, for example, he was peppered with questions about securing smartphones or the public cloud for enterprise use, but nary a query over securing the social network -- despite the recent box-office success of The Social Network.

When it comes to social networks' security model, he's also not impressed. "Facebook and MySpace apps continue to send user data flying out the door. No surprise, really -- advertising-supported IT exists to supply advertisers with detailed user information," he said.

That could explain the lack of alarm on Facebook's security page. Rather than warning users about active exploits -- or leaving a digital paper trail pertaining to attacks that have been affecting Facebook users -- it settles for bland admonishments about how to stay secure and offers Facebook's thinking behind its latest security and privacy tweaks.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends for 2018
As we enter a new year of technology planning, find out about the hot technologies organizations are using to advance their businesses and where the experts say IT is heading.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll