Posted by: Ken Harthun
Facebook, Security, Social Networking Hacks, Web 2.0 Security
If you’re on it, you’ve seen the Facebook messages: “You have a give a heart request;” or, “<name> sent you a hug;” or one of dozens of others. Most of these social networking applications are benign; nevertheless, there’s always a risk associated with them. Think about it: you’re allowing some third-party software access to your profile, and this is just one more attack vector for the social networking miscreants. You really have no way of knowing for sure that an application is safe until it’s too late. Case in point, from The Seven Deadliest Social Networking Hacks:
A rogue application called “Secret Crush” was circulating around Facebook earlier this year, spreading spyware instead of love. (See ‘Secret Crush’ Spreads Spyware, Not Love.) It sent victims an invitation to find out who has a secret “crush” on him or her, and lured them into installing and running the Secret Crush app, which spread spyware via an iFrame. The attack got more advanced and worm-like when it required the victim to invite at least five friends before learning who their “crush” was.
This is an example of an application deliberately written as a weapon of attack, but as we all know, even the best applications have security holes. Considering that the social sites are under constant attack by crackers, those security holes can be exploited to compromise your profile, your pages, even your PC. So the next time someone wants to send you a virtual hug, heart or handshake, don’t just blindly accept it.