Schwartz On Security: Click 'Dislike' For Facebook Safety - InformationWeek
Government // Mobile & Wireless
01:55 PM

Schwartz On Security: Click 'Dislike' For Facebook Safety

Social networks allow for friends, but what about your enemies, as in the myriad viruses and worms out to fry your account and personal financial information?

How Firesheep Can Hijack Web Sessions
(click image for larger view)
Slideshow: How Firesheep Can Hijack Web Sessions

Are social networks so addictive that people will never heed the privacy and security warnings -- clickjacking attacks and lack of SSL-encrypted pages -- associated with using them?

The fictionalized Facebook origin movie The Social Network shows the website beginning as a way for people to keep tabs on what their friends are doing. Later, Facebook added features to see what your friends liked, including websites and applications. Sounds innocent enough. But in the real world, do friends accidentally infect you with viruses and worms, steal your money, get you turned into a zombie or exploited by botnet herders and their mules?

The "friends" metaphor quickly breaks down. But on social networks, you only have friends. Why not enemies? According to data security firm Imperva, "if you ask users who contemplate installing a Facebook application, their measure of trust is often the number of other users who have already signed up for the application. Clearly, anyone with an army of drone accounts can easily influence such decisions."

In other words, your friends, or your friends' friends, may be fake, and this poses a security risk, both for consumers as well as business data. But is the business world paying attention?

According to Gartner Group analyst John Pescatore, there's little enterprise alarm over social networking security, or a lack thereof. At a recent Gartner conference, for example, he was peppered with questions about securing smartphones or the public cloud for enterprise use, but nary a query over securing the social network -- despite the recent box-office success of The Social Network.

When it comes to social networks' security model, he's also not impressed. "Facebook and MySpace apps continue to send user data flying out the door. No surprise, really -- advertising-supported IT exists to supply advertisers with detailed user information," he said.

That could explain the lack of alarm on Facebook's security page. Rather than warning users about active exploits -- or leaving a digital paper trail pertaining to attacks that have been affecting Facebook users -- it settles for bland admonishments about how to stay secure and offers Facebook's thinking behind its latest security and privacy tweaks.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll