The hidden dangers of social networking
Posted on 28 Apr 2009 at 12:08
This month, Davey Winder ponders social networking security and mobile botnets.
Given that you got there in the first place because you were worried about a potential malware infection, the chances are increased that you may fall for this scareware trap and buy the rogue software.
Cluley can't help but wonder if it's possible that the "original Facebook application was actually a red herring, and the real dangerous payload came from people Googling for information"?
Tweeting heck
The jury may well still be out on that one, but what about that link-clicking threat I mentioned a while back? I know I said we're all pretty wise to that by now, but the shocking truth is that the whole trusting-your-friends business comes back to bite us on the bum once links are introduced into the social networking mix.
I'm thinking particularly of Twitter, where the 140-character SMS-like message size restriction means that the majority of users employ URL shortening services, which by definition and of necessity must obfuscate the destination site, meaning that you can't check where you're going before you arrive there.
Link clicking on Twitter has become a matter of total blind trust in the person who provided that link, which is great unless your friend is an idiot who passes on malicious links, or worse if they're not your friend at all.
Remember a couple of months ago, when hackers managed to get access to Twitter tech-support tools and posted their details to a hacker forum? Various people's Twitter accounts were compromised, so that messages were sent from what appeared to be genuine accounts (they were, but the messages weren't) with celebrities worst hit.
Barack Obama appeared to be offering an online survey, a CNN anchorman said he'd be late for work because he was high on crack, and Britney Spears updated her fans on the size of an anatomical region that modesty prevents me from, er, going into.
The official Twitter account had an information message pointing to a porn site, which wasn't that funny. Recently there have been some well-publicised phishing attacks aimed at Twitter users that took them to a fake login page in order to grab their details and then use their accounts for similar malicious purposes.
Oh, and don't forget that some people are just crap at choosing passwords as well. All of which makes it very unwise to invest 100% trust in any person who is sending you Tweets, and very hard for me to recommend you click on any shortened link in those Tweets.
I've stumbled across a decent solution, besides simply never clicking on a Tweet-Link that is, and it's called LongURL Mobile Expander. It comes as a Firefox extension and automatically expands most obfuscated short URLs into their full destination address.
It's brilliant, it just works, and it means you can still enjoy the functionality of TinyURL or Snipurl or whatever, without the inherent risk on services such as Twitter.
Stupid user syndrome
Talking of inherent risks, there's none so serious as the vanity of users themselves.
One of the more trenchant criticisms of social networks is that they're treated almost as a kind of game by some people, with the goal of "scoring" as many friends as possible, and unfortunately I'd say there's some truth in this, with a substantial minority of users looking to boost their egos by collecting online acquaintances, even if it means accepting friend requests from people they've never heard of.
There are obvious dangers incurred from a data security perspective, mainly stemming from providing the kind of personal information (from your profile and in your messages) that's highly valuable to the identity thief or phisher.
Davey Winder
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.
Printed from www.pcpro.co.uk


