Feeds

Social net sites do wonders for crooks, spooks and bosses

'Computers are making people easier to use everyday'

SANS - Survey on application security programs

RSA Europe Social networks make obtaining sensitive background information on people as a prelude to stealing their identities – and running attacks on corporations – easier than ever before.

Ira Winkler, president of ISAG (Internet Security Advisors Group), an ex-NSA officer and cybercrime guru, has called for increased security awareness training. "People don't realise what they are putting out there," he said. "Computers are making people easier to use everyday."

Speaking at the RSA Europe conference in London on Wednesday, Winkler outlined a range of attacks that social networking might enable. Information on LinkedIn, for example, has been used as a prelude to targeted attacks against corporates or government agencies as part of the expanding list of so-called Advanced Persistent Threat-style (APT) attacks commonly blamed on China. Lower-level criminals can use information on social networks such as Facebook to guess the answers to password reset questions, for example. Worse still, 4Square users are giving away their location every time they log in to a venue, revealing to potential burglars that they are away from home in the process.

Much of this type of activity is wrongly described as social engineering, according to Winkler. The security guru said the term social engineering has been bastardised. Its original meaning referred to an interaction with people where they would be directly manipulated into performing actions or giving away confidential information. The bastardised term is now misapplied to "check this out" lures in mass-mailed computer viruses or even to the lifting of sensitive information consumers have unwittingly left on social networking sites, he says.

He also pointed out that few stop to think that current or potential employers might scan their Facebook profiles, which reveal details of drunken parties or time taken off work when they are supposedly sick.

Content-filtering tools for social networks don't exist as yet. In the absence of such tools, Winkler favours security awareness training for users, which he argues is sorely needed.

"You can have no expectation of privacy for anything you put on the internet," Winkler. "The test has to be: do you want your worst possible enemy to see the information you are putting online?" ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.