Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

The User Role In Social Network Site Security

Imperva : 09 February, 2011  (Technical Article)
Amichi Shulman of Imperva comments on Social Networking security issues as part of Safer Internet Day
Last week, researchers unveiled a “dating database” consisting of 250,000 users. This was not just any ordinary dating site where one registers to and agrees to post their information. Rather, the dating profiles were based on public information that the researchers gathered from Facebook profiles. Many people at this point cried out “Privacy!”. However, let us take a step back and remind ourselves that it is these users who were not concerned to publically publish their data in the first place! By consenting to Facebook’s term of services, they are actually agreeing to relinquish their information to a public website. With this in mind, it may be safe to say that if a user indicates their religion, or ethnicity, on Facebook they do so because they want other users to know this information and are willing—even implicitly—to take the chance that a (hypothetical) racial classification application will have access to it as well. It may also be safe to say that people who post a named defamation of their boss on their wall—or their friend’s wall —are willing to take the chance that their boss may see the post. That is the essence, or rather lack thereof, of privacy.



In terms of social networks, it is security which we need to be wary of. Security controls the way in which people use the information of others. It is a way to ensure that people cannot invoke functionality on behalf of other users, and that delinquents cannot use the system to distribute malware. It is a way to make it difficult to hack into someone’s account using a brute-force attack. Security enables us to integrate social networking applications into our business environment without affecting the integrity and confidentiality of business data.



In today’s social networking platform, security is the threat. Web 2.0 vulnerabilities are quickly translating into massive worm out breaks. One such example is the notorious Koobface worm which is still propagating even though researchers have been attempting to contain it for the last few years. Even basic best practices, such as the use of SSL for authentication purposes, are not closely followed.



Nevertheless, we are starting to feel the winds of change. Recently, Facebook made changes to account SECURITY to reduce account hijacking incidents. Just a few weeks ago a new authorization scheme was put in place that requires one to identify their friends in case of an alleged account take-over. As social networks attempt to increase their user base, penetrate the business environment, and roll out new services (such as Facebook’s new webmail) we should expect social platforms to invest more resources in improving the SECURITY posture of the platform. These measures will provide improved protection against application layer attacks, stronger authentication and account control features, and better malware detection systems.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo