Social Networking Sites in the Cross Hairs?
As the popularity of social networking sites grows, so do the threats posed to them and the entire Web 2.0 community, but growing public awareness could be the best defense against this trend.
The worm and phishing attack against MySpace in early December 2006 called attention to this new venue for cybercrime. Malicious tactics being employed include changing user settings, viewing account information, and implanting cookies with malicious code, all of which are made possible by exploiting the confidence users have in each other.
Face Time Security Labs Chris Boyd says, “Social networking sites are goldmines of information, and a social engineer’s dream. You don’t even have to go dumpster diving anymore.”
A study conducted by CA and the National Security Alliance found that 57 percent of social networking site users admitted to being concerned about security threats, but personal information is still being posted, with no signs of slowing down. Boyd says that no matter the approach used by attackers, the goal is financial, “even if they’re stealing log-in data, they’re only doing it to spam Web sites that install adware, such as the recent MySpace worm.”
Attacks like this one leave users no options for defense but to not use the site at all.
As social engineering scams gain more attention, so will the danger posed to Web 2.0, because its content is constantly changing, which means Web filtering applications that use URL databases or honeypots are ineffective; URLs would have to be scanned in real time.
However, CTG’s Ed Moyle thinks social networking sites are relatively safe, having experienced few actual attacks, since they are centralized and feature community enforcement.
Abstracted by the National Law Enforcement and Corrections Technology Center (NLECTC) from TechNewsWorld (01/03/07); LeClaire, Jennifer.