Social networking sites and technologies are among the hottest happenings on the Internet. However, in this case every benefit comes with an equal danger: These sites and technologies are also huge targets for cybercriminals. One of McAfee Labs senior researchers, Anthony Bettini, has written an excellent whitepaper on the subject. Social Networking Apps Pose Surprising Security Challenges details some of these areas of concern. I’ll let Tony tell the story:
Facebook, Twitter, MySpace, and LinkedIn””oh my! If we’re not using these services ourselves or hearing about them in the media, our friends, colleagues, and children remind us each day of their existence. Although Web 2.0 may be a buzzword we all love to hate, media-rich web applications that allow information sharing among users are here to stay and growing in popularity. An article written in October 2009 (so it’s clearly out of date) on the size of Facebook’s data center states Facebook stores approximately 80 billion photos and serves up approximately 600,000 photos per second””making it the largest photo archive in the world.1 Social networking web applications such as Facebook are a big deal.
As social networking gains users, it will increasingly be targeted by attackers, just as instant messaging and other media have been. For an interesting view on how platform prevalence draws attackers like bees to pollen, see the IEEE article “When Malware Attacks (Anything but Windows).” One popular technology ripe for exploitation in social network applications is the “mashup.” (Wikipedia: “A mashup is a web page or application that uses or combines data or functionality from two or many more external sources to create a new service.”) From the perspective of an application provider such as Google, mashups allow their applications””for example, Google Maps””to become more widely used and embedded within other new applications, like Yelp or the iPhone operating system. However, as we’ll soon see, attackers have also been using mashups to their advantage.
Download and share this excellent paper with all the people you know who use social networking sites and technologies. The dangers are real–but with education, action, and proper security we can successfully manage them.