Mistakes to Avoid on Social Networks
By Luciana on February 18, 2010 | Vulnerabilities, Social, Network, Facebook, Twitter, LinkedIn, security, attacker
Security firm Sophos published a large study earlier this month. The research includes reports of cybercrime attacks on social networks like Facebook, Twitter and LinkedIn. Reports of malware and spam on social networks rose 70 percent in the last 12 months, and 57 percent of users report they have been spammed via social networking sites.
Chet Wisniewski, Senior Security Advisor with Sophos, was asked to comment on how to avoid those attacks. According to Wisniewski, security investigators are no different from attackers. Many users receive messages on social networks that contain a malicious link, and these networks, by the nature of how they work, make it possible for criminals to cyberstalk potential victims.
"If you are someone's executive assistant innocently using Facebook, and the criminals know you are associated with someone important, they can target your profile to try and get malware onto your computer," said Wisniewski.
Many Facebook and Twitter users add friends just to have a bigger friend list and a higher follower count. "When you make 400 or 500 friends, you don't really know them," said Wisniewski. "How can you be sure they aren't sitting there, lurking, watching your wall for months so they can see what you say and use something that would be in line with your regular behavior in order to fit in and have a greater chance of success when it's time to hack you?"
Another problem is that people don't enable the privacy settings. There have been many articles and statements about social networks' privacy settings. People can customize their settings to hide information from those they don't want to see it. If you do not use these options, your profile is visible to everyone by default.
Wisniewski pointed out that people share too much information. "It's one thing to use LinkedIn to post your professional accomplishments," said Wisniewski, "But to post a resume with your address and phone number and other personal information goes too far." He also added: "For someone looking for information about your organization or looking for targeted bits about your company it's fantastic. I can go and search for your company name and three-quarters of your employees probably have profiles that tell me exactly what they do, what their position is. I can learn a lot about the company and, if I wanted to, I can then take on a social engineering attack and use that LinkedIn information for my attack through Facebook or email."
All in all, the main advice Wisniewski gives is to be discreet: check what comes up when you plug your name into a search engine, and make sure it is information you want to share with the world.