Security Cost of Social Computing

As recently as five years ago, most of us probably communicated electronically only through either e-mail or phone. If someone wanted to pry into these communications, they had to tap our phones, steal our phone records or hack our e-mail accounts. But today, we voluntarily leave bits and pieces of our personal lives scattered all over the Internet. From elaborate profiles on social networking sites (such as Facebook, which, for example, has experienced a growth explosion in Australia as of late) to innocuous comments on personal blogs of others, we publish our likes and dislikes, our affiliations, political views and even our day to day routine for pretty much the whole world to see. In fact, younger Internet users appear to be leading the way. And it’s not all just play either. We increasingly rely on sites like Seek, monster.com and LinkedIn to advance our careers as well. These days, not only do we seem to leave a part of our digital personality wherever we spend a lot of time online, but we also seem to bundle a much greater part of our lives into this digital personality.

Now, is it too much of a stretch to imagine digital identity thieves and other fraudsters working hard, even as we speak, using the awesome power of modern search engines to put together these various online clues to piece the puzzle that is the digital you? I think not! I believe that this is already happening on a wider scale than any of us would like to believe. We’ve made it easier for anyone to discover who we are and increased their chances to get acquainted with us, no matter where in the world they are. Especially with social networking sites and online dating sites, shady characters could easily work their way into our trust gradually, starting off as a “friend of a friend of a friend” or a potential love interest. From the stories I’ve heard, this seems to be taking place a lot more than I would have considered to be the case.

To compound the issue, online services are becoming extremely complex. With a diverse set of functionalities and the ability to “host applications” or mash-ups, these online platforms are getting as complex as operating systems themselves. What does this all mean? Well, it means that online service are increasingly becoming exposed to various attacks like Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF) not to mention the oldest trick in the book – social engineering. Unfortunately, traditional anti-virus software, personal firewalls or host-based intrusion prevention products sometimes are not very well suited to address some of these threats at present.

Our online world is changing and it’s changing fast. With the explosion of exciting new possibilities also come a set of unfamiliar risks. So what do we do? Do we curb our enthusiasm and say no to progress? Not at all. Fear is hardly the solution. All we have to do is to be a bit more proactive about our online security. Make sure we educate ourselves on the latest threats. Think twice about what personal information we share online and with whom. If you happen to notice something “fishy” going on, please notify someone who could look into that. While the security industry is moving fast, innovating new technology to provide better protection, you are still the single most important contributor to online security; both yours and ours that is.

Be safe and have a great social computing experience!