With the stellar rise of social networking sites like Facebook, Twitter, MySpace, the Ning networks and the like, the bad guys have found yet another playground on the Web. Most security experts, including me, agree that social networks are the next major attack venue. Their basic interactive/cooperative nature makes them easy targets for cybercriminals to exploit. Jilted ex-lovers or enemies can use social networks to wreak havoc on their victims’ personal lives. My own daughter was a victim of a vicious personal attack by someone whom she previously trusted. Even I have been a victim of a hacker when they hijacked my Twitter account and started using it to send spam. Spammers and bot herders use Web 2.0 sites to try to make a quick buck and steal personal information. Even corporate spies use them to attempt to ruin their competitors’ reputations.
Being very active on several social networks myself and given my security focus, I think it’s a good idea to address this phenomenon and its inherent security risks, and to present good social network security practices. In the first set of articles, I’ll cover the seven deadliest social networking hacks, citing real examples of actual cases where possible, and present my best advice on how to prevent and/or defend against the worst threats.
Here’s what I’ll cover in the first seven articles:
1) Impersonation and targeted personal attacks
2) Spam and bot infections
3) Weaponized OpenSocial and other social networking applications
4) Crossover of personal to professional online presence
5) XSS, CSRF attacks
6) Identity theft
7) Corporate espionage