Security on Social Networking Sites
Kellep A. Charles, CISA, CISSP, NSA-IAM
Visits to social networking sites account
for more than 10% of the total time people
spend on the Internet, according to Nielsen
Online. A social networking site, such as
Linkedin.com or Facebook.com, focuses
on building online communities of people
who share common interests and activities.
Facebook is now the most visited social
networking site on the Internet, with
nearly 1.2 billion visits in January
2009 alone, while Twitter and LinkedIn
are steadily gaining ground.
Hackers have worked the popularity
of social networking sites into their
malicious plans to compromise systems
and steal personally identifiable information.
Recent attacks such as the Koobface
virus on Facebook and the clickjacking
issues faced by Twitter are prime
examples of the recent challenges. Also,
these very same hackers have the capability
to remain anonymous on these social
networking sites, which reinforces the
notion that you really do not know who is
on the Internet with you.
Security on social networking sites
is at a minimal standard right now.
The sites rely on usernames and passwords
for authentication and security, which
means that anyone who finds out your
username and password can gain access
to your account. Until social networking
site security evolves and
improves, users need to be very careful
and diligent.
Here are a few tips that should assist
in making sure you are safe when using
social networking sites:
1. Understand how the social networking
site displays your information. Some
sites will allow you to control
who can see your information, while
others will allow anyone and everyone
to view your postings.
2. Don't click on shortened (or "condensed")
URLs, like those created by TinyURL
and Bit.ly. There's no telling where
these links lead, and that makes
it easy to funnel you to malicious websites
(drive-by downloads).
3. Be mindful of
your personal information: don't
post your full name, address, age, hometown
or information about your family. Even
your screen name can reveal a lot of identifying
information.
4. Post appropriate
information that you are comfortable with
others, such as your employer, co-workers
and acquaintances, seeing and knowing.
Many people will see your page or postings,
including the people who will be interviewing
you for a current position or a future
job.
5. Remember that
once you post information online, it
may be impossible to take it back. This
includes photos that can be manipulated.
6. Be careful when
it comes to personal interactions online,
such as flirting or disputes. Some people
lie about who they are. Be wary if
a new online friend wants to meet you
in person.
7. Trust your instincts
if you have suspicions. If you feel
threatened by someone or uncomfortable
because of something online, report
it to the police and to the operators
of the social networking site. You could
end up preventing someone else from
becoming a victim.
Social networking sites are becoming
part of our personal and business lives.
People from various stages and walks
of life are participating in them
with very little knowledge of the
dangers of these social networking sites.
The site owners only provide the minimal
required security measures, while hackers
are using tactics that have shown great
success in circumventing them. It is
up to us to do what is necessary to
protect ourselves until better security
measures are implemented or the hackers
give up. Don’t hold your breath
waiting for the hackers to give up.