Carl is a contributing editor to Communications Technology magazine and has held staff positions at InternetWeek, tele.com, Cable World and Cable Marketing magazines.
Employees use two types of social networking sites. They bring their Facebook, MySpace, YouTube and other identities to the office. At the same time, they use professional social networking – LinkedIn and others – for more “official” duties.
It has the potential to be a major problem. This Newsfactor piece based on Forrester research identifies social networking as a key element of the ongoing corporate Web 2.0 wave. By 2013, the firm says, social networks will constitute a $2 billion chunk of what will be a $4.6 billion sector.
Hopefully, organizations will catch up on the security front. The piece says that only half of Web filters deployed by Barracuda Networks are blocking MySpace or Facebook. Those who are doing so are trying to guard against viruses and spyware and to maintain employee productivity. It would be interesting to know how many of these organizations understand that social networking sites are great avenues for phishing and other social engineering exploits, and for dishonest or ignorant employees to send vital information beyond the firewall.
This is a nice CNN overview of the flow of social networking into the corporate space. What the author doesn’t say is that the evolution of social networking from consumer to business use is precisely what happened with cell phones, Wi-Fi and other tools: People used them in their private lives, liked them, and brought them to work. In this case, the writer says, more secure, corporate-aimed offerings are available. Yammer, for instance, is a business version of Twitter. Other corporate social networking newbies, according to Forrester, include Awareness, Communispace and Jive.
One advantage of new technology having moved from the consumer to the business world so many times in the recent past is that experts consider the security issues more quickly. There seems to be a bit less denial. This Legal Technology piece offers a good description of social networks, and references a Black Hat presentation that looked at insecure features of social networks and identified the biggest vulnerabilities. They include cross-site request forgery (CSRF), cross-site scripting (XSS) and the lack of a mechanism to validate the security of customer applications. The writer offers seven tips for safely using and administering social networks.
This is not all theoretical: Business people are using social networks – and the bad guys are going after them. For instance, SPAMfighter cites reports from The Washington Post’s Brian Krebs about spear phishing attacks against about 10,000 LinkedIn members. The story says social networking sites often are the target of spear phishers because users are used to getting e-mail from other members. This e-mail purported to come from support@linkedin.com and carried the subject line “Re: business contacts.” Recipients following the instructions in the e-mail installed a malicious program aimed at stealing sensitive information from the computer.
There is a lot to worry about. Dark Reading offers a scary vignette on how dangerous a social networking site can be. The big problem is that there is no way to simultaneously optimize security and interactivity. To a great extent, emphasizing one comes at the expense of the other. Dark Reading runs through some of the problems, and links to pages that describe in more detail seven of the most dangerous activities: impersonation and targeted hacks; spam and bots; “weaponized” applications; XSS and CSRF; identity theft and corporate espionage.
Security Issues Abound as Social Networking Goes to Work
By: Carl Weinschenk | 24/10/2008 | Security