Security Corner

Dec 20 2009   6:52PM GMT

New Series: Web 2.0 Security

Ken Harthun

Web 2.0 Sites New Playground for Miscreants

With the stellar rise of social networking sites like Facebook, Twitter, MySpace, the Ning networks and the like, the bad guys have found yet another playground on the Web. Most security experts, including me, agree that social networks are the next major attack venue. Their basic interactive/cooperative nature makes them easy targets for cybercriminals to exploit. Jilted ex-lovers or enemies can use social networks to wreak havoc on their victims’ personal lives. My own daughter was a victim of a vicious personal attack by someone whom she previously trusted. Even I have been a victim of a hacker when they hijacked my Twitter account and started using it to send spam. Spammers and bot herders use Web 2.0 sites to try to make a quick buck and steal personal information. Even corporate spies use them to attempt to ruin their competitors’ reputations.

Being very active on several social networks myself and given my security focus, I think it’s a good idea to address this phenomenon and its inherent security risks, and to present good social network security practices. In the first set of articles, I’ll cover the seven deadliest social networking hacks, citing real examples of actual cases where possible, and present my best advice on how to prevent and/or defend against the worst threats.

Here’s what I’ll cover in the first seven articles:

  1) Impersonation and targeted personal attacks
  2) Spam and bot infections
  3) Weaponized OpenSocial and other social networking applications
  4) Crossover of personal to professional online presence
  5) XSS, CSRF attacks
  6) Identity theft
  7) Corporate espionage

Thanks to Dark Reading for the above list. I will be relying heavily on their article, “The Seven Deadliest Social Networking Hacks,” for my research and will interview actual victims where possible.
