Wednesday, 18 May 2011 (B.E. 2554)

Social networking's DARK SIDE




Social networking has had an enormous impact across the world, but it's proved to be a mixed blessing. Users should be aware of the potential threats waiting to be unleashed through these social networks.

One of the most common types of attack is known as "clickjacking" or "user-interface (UI) redressing". These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different.
Often sharing or "liking" the content in question sends the attack to contacts through newsfeeds and status updates, propagating the scam.
Clickjacking attacks not only spread social networking link spam, they also regularly carry out other actions such as gaining access to valuable personal information and even making purchases, said Prinya Hom-anek, president of ACIS Professional Centre, and secretary of Thailand Security Information Association (Tisa).
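On the defending side, a site keeps its own buttons from being hidden under someone else's page by telling browsers who may embed it in a frame. The following is an added example, not part of the original article: it reads a response's `Content-Security-Policy` `frame-ancestors` directive and its `X-Frame-Options` header and reports who is allowed to frame the page. The function names are illustrative.

```javascript
// Added example (not from the article): report who may embed a page in a
// frame, judged from its response headers. Function names are illustrative.
function classifySources(sources) {
  // An empty source list behaves like 'none'.
  if (sources.length === 0 || sources.every((s) => s === "'none'")) return "nobody";
  // "*" or a bare scheme such as "https:" lets practically any site frame the page.
  if (sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) return "anyone";
  return sources.every((s) => s === "'self'") ? "same-origin" : "allowlist";
}

function framingPolicy(rawHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors: when present, browsers ignore X-Frame-Options.
  const verdicts = (h["content-security-policy"] || "")
    .split(",") // repeated headers are joined with commas
    .flatMap((policy) => policy.split(";"))
    .map((d) => d.trim().toLowerCase().split(/\s+/))
    .filter((d) => d[0] === "frame-ancestors")
    .map((d) => classifySources(d.slice(1)));
  if (verdicts.length > 0) {
    // Every policy is enforced, so the strictest verdict wins.
    const order = ["nobody", "same-origin", "allowlist", "anyone"];
    return { framableBy: order.find((v) => verdicts.includes(v)), via: "csp" };
  }

  // Legacy header: current browsers honour only DENY and SAMEORIGIN;
  // ALLOW-FROM and unknown values give no protection.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { framableBy: "nobody", via: "x-frame-options" };
  if (xfo === "SAMEORIGIN") return { framableBy: "same-origin", via: "x-frame-options" };
  return { framableBy: "anyone", via: xfo ? "x-frame-options (ignored value)" : "none" };
}
```

A result of `anyone` means the page can be loaded inside a frame on an arbitrary site, which is the precondition for the concealed-button trick described above.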
Many users have been deceived by rogue applications, he said.
Facebook has a major problem in the form of its app system. Any user can create an app, with a wide range of powers to interact with data stored on user pages and cross-site messaging systems, and these applications, like survey scams, can then be installed and run on any user's page.
To combat this serious problem, the "walled garden" approach of iPhone may be more suitable. This refers to a closed or exclusive set of information services provided for users, in contrast to allowing open access to applications and content.
Rogue Facebook apps can now access your home address and mobile phone number. Under the default privacy settings, once you click "like", people who are not your friends can see your behaviour, so you have to adjust your privacy settings yourself.
Facebook comes under regular criticism for its provision, implementation and explanation of user privacy features, said Prinya, adding that directions for setting privacy preferences are vague and unclear if and when they are provided. Plus, once uploaded, information and content may be difficult or impossible to remove.
Under a privacy policy change Facebook made in 2005, only friends could see your birthday, but since last year friends of friends can see it as well.
The site will be moving forward with a controversial plan to give third-party developers and external websites the ability to access users' home addresses and cell phone numbers in the face of criticism from privacy experts, users and congressmen.
"Do all the 600 million Facebook users know that policy?" Prinya asked. He suggested that users have to adjust their "privacy setting".
Social networking has now become a platform, no matter what operating system you use - Symbian, Android, iPhone or Windows. And now the mobile phone is a computer. "You download anti-virus on the computer, why not on the handset?" Prinya said.
In terms of malware infections and privacy violations, Facebook is the most serious offender. YouTube took the second spot for malware infections, while Twitter contributed to a significant amount of privacy violations.
Facebook was again cited as the most persistent social media site where financial losses occurred due to employees' privacy violations.
The Tisa secretary explained that once users are on Facebook in the office and a hacker is on the same network, the program will identify user cookies in plain text and users' names and passwords will be displayed and thus the hacker can access the Facebook account of that person. "Many enjoy using free wi-fi, at Starbucks for example, and once the hacker uses a cookie, they can access your Facebook without you being aware."
Targeted brand attacks on social networks are another new trend. Nothing is more valuable to a business than its reputation. That is why brand attacks, which leverage a company's valuable brand for nefarious purposes, must be battled on every possible front.
Brand attacks are a new form of cyber crime, and they're being launched with new and rapidly evolving exploits, including phishing and most recently social networks.
Fighting today's most dangerous targeted brand attacks requires a multi-pronged approach combining proactive prevention, fast detection and forceful resolution.
Learn more about the top social network threats such as drive-by downloads, clickjacking, targeted brand attacks on social networks, MitB (Man-in-the-Browser) and MitMo (Man-in-the-Mobile) and advanced on-the-fly SSL hacking at the Social Networking Security Conference 2011 and the Mobile Computing Security Conference 2011 which will be held on June 28 and 29 at the Grand Millennium Sukhumvit.
