Social Networking Can Be A Risky Proposition

It isn’t the larger aspects of life that traps us. It is the smaller, finer details that seem insignificant. It won’t hurt, or it’s harmless. Many times it is that train of thought that gets us in the most trouble. Not paying attention to the small print.

Social networking has become a daily ritual in everyone’s lives. Get up late, dash off to work, hasty breakfast, and check up on Twitter, Facebook, MySpace and other similar sites while at work. It can become a headache for IT data center administrators. Cyber criminals love it. It means workstations are being used to access the sites. The same workstations that access sensitive data.

Security researchers Shawn Moyer and Nathan Hamiel have noted how this seemingly innocent practice can become fatal, due to the ease of adding various types of content. They describe the platform as a mixture of bad programming and social engineering.

"Social networking sites contain as many users in one location on a single platform. For hackers and cyber attackers it delivers a great amount lot of return-on-investment in pursuing them.”

It is very easy for a hacker to take over an account and send other attacks against their personal links within the account, including additional Web 2.0 applications. One of the problems noted is the placing of a powerful, creative application in the direction of individual who aren’t as technically proficient. Hamiel notes, "Any software can be used to attack other pieces of software. They can even be used to look at an entire file if the privacy settings are disabled. Even if the privacy settings are enabled, assume the worst."

Some of the tricks cyber crooks utilize include pretending to be a very famous, recognizable, or important person in a fake profile. As users friend and link themselves to this false person, they also open themselves up to possible intrusion. Moyer and Hamiel demonstrated this by creating a fake profile, (with the complete permission of someone famous) and in less than a day, collected over fifty connections. Another demonstration detailed how someone can undermine and destroy a MySpace page if you are not directly linked to the page in question. The two researchers created false pages of a rock star and two actors, where two pages are connected to the third page, but not to each other. If one of the two unconnected pages desires to link to the other, and the ‘friending’ is denied, the common connection to the third person will allow access to the denied page. This is how pages can be hijacked and defaced without the owner’s knowledge of how it was achieved.

A security consultant, James Arlen, located in Toronto, Canada, gave his opinion on the matter. "Far too many individuals operate in an area where they automatically think of trust. It happens when you look at someone's profile and think you know the other person, but there is no real push for authentication."

Looking at the larger landscape of your infrastructure is only as strong as the weakest part of your defenses. Strengthen them today with security awareness training.

CISSP training courses are designed to provide certification training as an information security expert. The courses include operational security, access control, cryptography, environmental security, network security, telecommunications, security risk management, and more. K Alliance presents a solid, complete training course in information security. Having a certified professional onsite in your organization solidifies every area in need of heightened security.

About Us: SSC Training is an IT training, desktop training, and enterprise training solution resource of professional online training videos including notable titles such as Microsoft Windows 7, Microsoft VMWare, and Microsoft Windows server. The desktop training videos of SSC Training is comprehensive, informative, and very enjoyable. The new Microsoft Office 2010 desktop training provides self-paced, self-study, instructor led tutorials that assist you in achieving your goals. Learn how SSC Training can improve the productivity and success of your business and your office staff.