Satan is on my Friends List

18 August 2008

ID theft via social networking sites is all media hype, according to Shawn Moyer and Nathan Hamiel. In their session on social networking at Black Hat, Las Vegas, the duo insisted that it is not a problem.

“If you put information on a social networking site, assume it’s not private”, said Hamiel. “If you give your credit card to Facebook, you deserve to fail”, added Moyer.

Social networking sites are an ideal target for cyber-criminals. With millions of users (Facebook is now in the top 10 most visited sites daily), there is no shortage of targets.

“Applications are social networks’ biggest problems”, Moyer argued. “By adding an application, you allow the owner of the application to access all of your profile information. They can then keep your information offline, and can hang on to it”.

Hamiel added that social networking applications are coded by people “who really shouldn’t be coding”.

Adding applications can also reveal a lot about a person, which can be used for marketing purposes.

“Social engineering on social networks is diamond-tipped spear-phishing. It gives great ROI for targeted attacks”.

Profiling well-known people is trivial on social networking sites, as Moyer and Hamiel proved when experimenting with a well-known person within the industry. With his permission, they set up a profile and, to add legitimacy, invited others within the industry to be his ‘friend’. Within twenty-four hours, many CSOs, CISOs, CISSPs, a journalist on a well-known security publication, and even his own sister had accepted his friend request.

This serves to prove that even the infosec savvy can be fooled.

This article is featured in:
Identity and Access Management  • Internet and Network Security

 
