Internet Security Tips and Advice

The Perils of Social Networking

June 16th, 2008 by Igor Pankov

Preface

According to some estimates, more than thirty percent of US web traffic is taken up by users interacting on social networks like Facebook, Myspace and LinkedIn. Social networks (SN) can be fun and useful places to be when you want to hang out with your friends online, meet new colleagues, discuss a news event or engage in hot-button debate. The primary benefit of social networking is that it connects people with common interests or occupations and provides an easy way to share information, opinions, photos, videos, and just about everything else.

But there are also drawbacks to the open environments that constitute social networking. As you may have guessed from the title, the dark side of social networking is the focus of today’s article.

Basic guidelines

Registering with a social network

When you first sign up, you’re required to provide your real name and a valid email address that your future account will be associated with (your email address is usually used as your username for the SN). Make it a rule to choose at least a six-character strong password for your account. Also remember that passwords for your registration email address and SN login should be different, so that in the unfortunate event your account is compromised, you can always reset the password by using your email to restore your SN credentials; this presumes that the perpetrator cannot access your email inbox and read incoming messages.

Minimizing vulnerability exposure

Whereas Windows is your offline desktop platform that you can manage and secure to the best of your knowledge or expertise, your online social networking platform resides on remote servers over which you have no control; your SN identity and activities are only as well-protected as the underlying SN engine.

So, it is up to you to protect yourself – we suggest following these ‘safe practices’:

  • Use the latest browser software and install Windows Updates as soon as they become available.
  • Use a firewall to protect your system against unknown threats; use up-to-date antivirus to block known threats and intrusion prevention software to alert you to potentially dangerous activities on your computer.
  • Do not download, open or respond to content published or sent by unknown people. There has recently been a virus outbreak in the Russian portion of an SN that resulted from unwary users clicking on a reference to a fake image file that led to the activation of a virus that then wiped user data from the affected computers.
  • Remember that SN is still in its infancy: the engines are still immature and the platforms are vulnerable to determined attackers. Reports of faulty SN code appear regularly in the media, and you cannot rely on the integrity and non-disclosure of your personal details due to multiple weaknesses in SN systems. Cross-scripting errors (XSS) enabling attackers to view restricted sections of user data have affected almost every SN site, much like the way spyware targeted Windows systems that had not been patched with SP2 back in 2003.
  • The 3rd party applications (widgets) that Facebook and Myspace offer as additional downloads are even more problematic. These programs are not tested for compatibility or security defects, so be sure you understand exactly what you are installing when you choose to use one of these applications.
  • Don’t access your online profile from public computers – such actions are fraught with additional risk because of the potential for theft or malware compromise. Your log-in details might be stored in a local cache and later extracted and used to illegally access your profile, or the computer may be infected with keylogger that will silently capture any piece of information, including log-ins and dialog sessions, and relay this data to unauthorized third parties.

Privacy precautions

Do not disclose sensitive information – ever!

A recent British survey revealed that more than half the SN users interviewed publish contact details and private details in their online profiles, making them the easy targets to ID thieves and other miscreants.

Due to the open nature of the Internet and the fact that your account can be hijacked, coupled with the vulnerabilities of SN platforms, you should NEVER publish any sensitive information about yourself, like your home address, Social Security or cell phone numbers. And don’t post anything that could backfire against you, like videos of your student parties, or anything else that you wouldn’t want a prospective employer to see.

Prevent anonymous users from viewing your profile

By making your profile private, you limit access to your online profile only to friends and people you know.

Authorize and add as friends only people you know

The smaller your inner circle of friends, the more private your online profile is.

Never trust online-only acquaintances

It’s important to keep in mind that people and their identities are not always what they claim to be, and you should not blindly trust people that you meet online. Don’t meet these people in real life except in very public, safe places, and you must strive to avoid any other physical contact with them.

You may have heard the dramatic story of a girl committing suicide after her online date supposedly let her down, whereas in fact the cheating partner was the mother of a teenager who didn’t want her son to date the girl. If she had been a little less trusting of what she read online, she would probably be alive today.

Favor sites that use encryption

Facebook, for example, encrypts your interactive sessions, whereas Myspace hasn’t yet followed suit. Encryption garbles data in transit so that no-one can read intercepted information, protecting your passwords and other information from outsiders.

Report abuse

Should you encounter cases of spam, harassment, stalking or other intrusions into your private life, you should report such incidents to the people responsible for proper conduct on the social networking site. Consult the FAQ or Contact Us section to find specific contact information.

Don’t access SNs from your workplace

Research indicates that half of the workforce access SNs during the workday, reducing productivity and distracting from work-related issues. Such activities may also be in violation of your employer’s “appropriate Internet use” policies.

Summary

Social networks are growing in scope and number of subscribers. People use it for business, personal and leisure contacts. It’s important to remember that the information you provide about yourself is easily available even if you designate your online profile as “private”, so never publish any information about yourself that can be used to hurt you. Remember, employing safe internet usage practices, common sense and knowledge is the best protection online.

Posted in Security Insight

5 Responses

  1. Eric Lee

    Can you tell me who did your layout? I’ve been looking for one kind of like yours. Thank you.

  2. Beryl

    There are other pitfalls with Social Networks. “Jonathan” wanted to be my friend so badly he spammed me at least 30 times a day. I had to “Block Sender” to get rid of him. “Pamela” went one better. She knowingly or unknowingly sent me a Spambot. Fortunately my Anti Virus blocked the outgoing e-mails. I watched in disbelief as the clock whizzed round to 120 emails a minute. That was a pig to track down and remove. Everytime I tried to go on line it activated and was blocked.
    Even better, someone hacked my page and changed the password so I could not access it to close it down. The Site owners asked me to send a photo of myself, holding a placard with my email address, D.O.B. [useless]password etc. Then they would shut it down. This Great Grandma was not impressed. All their emails are tagged “Block Sender” now. The page is still there. I can read it but do nothing to it.

  3. Annie

    I can never understand peeps inserting their real names. I always use a fake name, never my real one. It can’t tell I’m lying….so lie i do when registering.

  4. Coenraad de Beer

    Great article and very useful information Igor, especially to those who eat, drink and sleep social networking.

    “Research indicates that half of the workforce access SNs during the workday…”

    This is really a big problem and is the main reason behind the huge influx of proxy spam, people want new proxies because they want to access their favourite social networking site at work (where it is blocked of course).

    http://cybertopcops.blogspot.com/2008/04/i-need-proxy-everybody-wants-proxy.html

  5. Igor Pankov

    Coenraad, I absolutely agree with you – SN at work is a huge waste of productive resources. And an even bigger hassle to administrators who have to add more proxies to the blacklist each day. I think an importable list of proxies should be somehow worked out to ease the burden. I believe proper SN usage policies should be created and enforced to regulate how each employee can use SN at work. And significant fines should be levied on those who don’t comply.That’s the only way to prevent misconduct in the foreseeable future.