Social Networking sites such as Orkut, Facebook, MySpace have become household names in the recent times. The networking on internet has been experiencing a drift from the old networking sites such as classmates.com to “Web 2.0” sites such as Orkut. The crux still comprises of online user communities sharing information, discovering new contacts and reconnecting with older ones.
The platform in the social networking sites grows via user contributions which are powered by communication channels such as email, chat, message boards. Like-minded individuals can share information and interest and provide feedback and reviews. These sites contain a warehouse of information that can be mined and analyzed. More than 3 years after Facebook was attack by a widespread social networking worm, many sites did patch old vulnerabilities. But the problem has not gone away. While the site owners are gaining profits from this explosion of information correlation, attackers are too seeking benefit from this arrangement. These sites have been hosts to worms, phishing attacks, identity theft, spam and other malware exploits.
The changing times might bring in higher level of integration of these applications with cellular networks too. Mobility and location aware applications might soon dominate on these apps. Cell towers and GPS services might be able to pass your information to whomsoever you wish. The increased smartness in the applications might mean that not only local business and entertainment might use this information to attract you, but you might also be able to meet your friends in the same area of your social network or thrill you by online dating service. The DTH services might also become a social networking hub. While watching your favorite TV programs, you might also be able to see what your friend is watching and chat and review the program rating. Each time a user visits a site; clicks on a link, rate a blog, or chat on specific content, the site will gain intelligence about the user and enhance his social network.
Increased collaboration and sharing of information also increases the risk for an individual. The user typically exposes his/her taste in terms of profile, be it liking a TV channel program, movie, books, celebrity gossips, workplace drama, geek gadgets, etc. The key component of social networking site is high amount of open information of the user. User privacy is at highest risk too because of information correlation and location tracking issues. Many of them may not opt for such services. However, when users see a benefit from using this service they will volunteer by providing little information.
As the security researchers and site owners are aware of security and privacy issues involved in these sites, they try to encapsulate the information at level of city or state for example. Unfortunately the bad guys will still be hanging around with the risk of vast information falling in hands of bad guys.
Spam based attacks have the potential to disrupt these social networking sites as they have been advancing today. The spam exploits will become more convincing social engineering attacks with all this data. Social botnets are another major threat to the social networking sites which can contaminate the site content with fake profiles and testimonials. Security in these sites will depend heavily on server-side defenses which might need to scan all incoming and outgoing traffic and snoop for malicious code.
To conclude, social networking sites will be rapidly expanding, adding user base and functionality and be able to mine and intelligently use user profile, security challenges will be both compelling and threatening.
I agree....the only way to prevent social engineering attacks is to educate people of their power...its one of the easiest and most effective ways available to perform higher level attacks like XSS...also social networking sites are hold a wealth of information for reconnaissance
ReplyDeleteAnother not categorised 'social networking' but as 'social media' site is twitter.com. What do you think about it?
ReplyDeleteTwitter allows users to share information which to an extent can be misused by 'black hats'. Here the point would be that both users need to understand the impact of sharing the information and for the site owners to understand the implications if this information is exploited.
ReplyDelete