Security Corner

Dec 30 2009   9:04PM GMT

Web 2.0 Security: Weaponized OpenSocial and Other Social Networking Applications

Ken Harthun Ken Harthun Profile: Ken Harthun

If you’re on it, you’ve seen the Facebook messages: “You have a give a heart request;” or, “<name> sent you a hug;” or one of dozens of others. Most of these social networking applications are benign; nevertheless, there’s always a risk associated with them. Think about it; you’re allowing some third party software access to your profile and this is just one more attack vector for the social networking miscreants. You really have no way of knowing for sure that an application is safe until it’s too late. Case in point from The Seven Deadliest Social Networking Hacks:

A rogue application called “Secret Crush” was circulating around Facebook earlier this year, spreading spyware instead of love. (See ‘Secret Crush’ Spreads Spyware, Not Love.) It sent victims an invitation to find out who has a secret “crush” on him or her, and lured them into installing and running the Secret Crush app, which spread spyware via an iFrame. The attack got more advanced and worm-like when it required the victim to invite at least five friends before learning who their “crush” was.

This is an example of an application deliberately written as a weapon of attack, but as we all know even the best applications have security holes. Considering the social sites are under constant attack by crackers, those security holes can be exploited to compromise your profile, your pages, even your PC. So the next time someone wants to send you a virtual hug,  heart or handshake, don’t just blindly accept it.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: