Slashdot Mirror

← Back to Stories (view on slashdot.org)

Social Networking Site Safety Questioned

Posted by Zonk on from the is-it-safe? dept.

An anonymous reader writes to mention a TechNewsWorld article about social networking sites. Researchers are finding these places are goldmines for social engineering exercises. Between worm attacks and simple human observation, sites like MySpace are the perfect place to obtain saleable personal information. From the article: "The danger is real, according to a study conducted by CA and the National Cyber Security Alliance (NCSA). In October, the alliance issued its first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cybercrime. Despite all the publicity about sexual predators on sites like MySpace and FaceBook, the alliance took a different approach by measuring the potential for threats such as fraud, identity theft, computer spyware and viruses. Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk, as Boyd suggested. Social networkers are also downloading unknown files from other people's profiles, and responding to unsolicited instant messages that could contain worms, the NCSA reported."

21 of 73 comments (clear)

  1. Fix the ohter end? by zotz · · Score: 2, Interesting

    Should the other end be fixed? Why should it be possible to steal someone's identity with the simple personal details people make available online?

    all the best,

    drew

    --
    FreeMusicPush If you want to see more Free Music made, listen to Free
    1. Re:Fix the ohter end? by eln · · Score: 5, Funny

      I think the problem is with MySpace's default layout. I mean seriously, doesn't this sidebar information just invite abuse?

      General:
      Music:
      Mother's Maiden Name:
      Movies:
      Television:
      Social Security Number:
      Books:
      Heroes:

    2. Re:Fix the ohter end? by derF024 · · Score: 2, Insightful

      You have the wrong "other end" identified. The "other end" that needs to be fixed is the human creating the profile. People should not be entering data that can be used against them (birth date, sex, full name, etc).

      Ah, yes, people revealing incredibly personal details like their name is the problem. Phone books must scare the crap out of you.

      No, the problem has nothing to do with myspace or any other directory of names, the problem is that it's trivially easy to do things (like getting a credit card or a bank loan) pretending that you're someone else. The only possibly secret bit of information needed to do either of those things is the social security number. Anything else can be pulled out of the phone book or public records.

      Once someone has your social security number, they can do *anything* as you. And people will put their social security number into any form that asks for it, because so many things require it.

      We desperately need a better form of verifiable identity. Unfortunately, I don't know what that is.

  2. the answer to this is so simple... by CheechBG · · Score: 4, Interesting

    Just make your damn profile private! If you are naive enough to think that everyone in the world wants to read your profile, you are probably too naive to understand that everyone's intentions sometimes aren't friendly.

    One of our HR people just to prove a point attempted to look at my profile, and then sent me a friend request which I denied for that reason. Making a definitive wall between work and whatever it is that I do at home is very important.

  3. In other news by timeOday · · Score: 5, Funny

    Never leave home and you'll never catch a cold or get run over by a car. Join the fight against leaving home now!

    1. Re:In other news by kfg · · Score: 2, Interesting

      Never leave home and you'll never catch a cold . . .

      Nooooooooooow ya tell me!

      Actually, I think, in a bit of irony, I caught this one from the UPS man the last time he handed me a crate of Kleenex through the basement window, 'cause I don't remember leaving home lately. I'll have to wear gloves and soak them in Vodka for a week before handling them next time.

      In a bit of further irony today I had intended to be far away from anywhere with a net connection, or people, but I couldn't leave home, becasue I have the flu.

      So here I am.

      Lucky you.

      KFG

  4. of course by jrwr00 · · Score: 2, Interesting

    Its a meeting place for all the morons on the interweb (as called by a few of my friends)

    Myspace, hi5, bebo, is just to name a few i see around here in job corps,

    ever wonder why AOL Userers got the most phising emails, because most AOL users where morons

    --
    WulframII - Free Online Mutiplayer 3D Tank Shooting Game
  5. Newsflash: People are STILL stupid. by R2.0 · · Score: 5, Funny

    In shocking news today, it was revealed that human stupidity is not relieved by the internet, but is actually exascerbated by it. News at 11:00!

    --
    "As God is my witness, I thought turkeys could fly." A. Carlson
  6. Nosey sites by Threni · · Score: 2, Interesting

    Part of the problem is sites asking for identifying info when you sign up, including passwords, email addresses, real addresses sometimes, or postcodes/zipcodes, dates of birth etc? Why? None of this stuff has anything to do with what I post on Slashdot, my opinions on music, films, games. Having it stored on the site owners server does nothing to aid my attempts to get answers to technical problems on usenet or forums. And I'm not entirely sure it can be said to help reduce trolls and other problems that afflict public sites. If people didn't have to exchange all this info to register on sites etc, and it was only provided when absolutely necessary then maybe people will be more aware of exactly who's asking for it and how safely it'll be stored.

  7. This...just in! by PingSpike · · Score: 2, Funny

    Another recent study said that walking down dark alleys while jiggling your car keys and waving a wad of cash around may increase the likelyhood of muggings.

  8. Ex-fricking-actly by SatanicPuppy · · Score: 2, Interesting

    Why is this such a big issue? Because we don't currently have a reliable way of verifying identity. Until that basic problem is fixed, there is no way to fix the identity theft issue.

    Of course, the only really reliable way of proving identity is some kind of private key crypto backed up by high-end biometrics (eg, retinal scan, or dna), and the odds of something like that being implemented are hilariously low, for about a million reasons.

    At the very least there needs to be some sort of private ID that is used to verify the "public" id that you pass along to the credit companies and whatnot.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  9. Automated Privacy Rights by Doc+Ruby · · Score: 2, Insightful

    Best practices to protect personal data like IDs should be consistently supported in software if most people are to practice them.

    I'm really annoyed every time I have to type my name/address/email into a Web form. How many times have I typed that info in the past 10 years of the Web? Why can't forms include either Javascript or even standardized APIs for requesting the same personal info? In increasing scopes with simple descriptive names. So I don't have to let my info sit cached at so many remote servers with which I do intermittent business, any one of which can leak my info at any time.

    I want to see a Web GUI show submittable form sections tagged by their target org. I'd like to subscribe to a service that rates forms by their risk, demonstrated by proven vulnerabilities in distributed reporting databases (or whatever my selected advisor uses to decide its ratings). Many people would pay for such a service to advise how much info to disclose to a given recipient. And many organizations would pay to make using them free, like insurance and bank corps, not to mention governments with insight into the preventive value of informing consumers of disclosure risks, without slowing down acceptable transactions.

    People can protect ourselves even more than with just tech fixes. We have the right to privacy in our "papers and effects": our personal data. We produce a government to protect that privacy. We should specify how they protect it, like requiring all disclosed personal data to be redistributed only within the context of the transaction into which it was delivered, unless explicitly agreed otherwise by the sender. Maybe even a Constitutional Amendment, to make more clear the privacy rights implicit in the Constitution, explicit in the 4th Amendment, but still not protected enough for adequate security in the modern age.

    --

    --
    make install -not war

  10. Re:it holds true for myspace by tehwebguy · · Score: 2, Interesting

    Local White Pages Safety Questioned

    Aren't your local White Pages more dangerous by default? I mean those are opt-OUT, while MySpace is opt-IN

    --
    -- lol pwned
  11. Easy Sum: by Penguinisto · · Score: 2, Funny
    Yes, Virginia, there is a such thing as "Ignorant People Who Will Click On Anything Others Send Them"

    /P

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  12. On the other hand, by Peter+Trepan · · Score: 4, Interesting

    Socializing at a bar puts you at greater risk of physical harm. Socializing at a church puts you at greater risk of personal judgment. Socializing at a coffee shop puts you at greater risk of cardiac arrhythmia. Socializing at a restaurant puts you at greater risk of clogged arteries. Not socializing puts you at greater risk of dying alone.

    --

    Step into a huge movement. Don't Tread In Me.

    1. Re:On the other hand, by presentt · · Score: 2, Interesting

      I agree. I think there is a difference between caution and paranoia. As long as you aren't stupid, and don't make available information such as credit card numbers, social security numbers, and so forth, I don't see much wrong with posting basic demographics like age, sex, and even locations. It's the type of information that can be obtained by someone who wants it, anyways, and can potentially add to the sense of the online "community." I don't have a MySpace, but I do have a Facebook profile. I keep it private, but still recognize that the information in it, including cell phone numbers, AIM screennames, and pictures, are online and thus potentially available to an unauthorized party.

      I'm sure my phone number, email address, and even postal address are circulating around without my knowledge offline. Putting it online may expose me to spammers, but hey, I've got a good email filter, I'm not afraid to hang up on people, and who really sends junk mail on paper anymore anyways? Besides, it's in the phone book. And I'm not too afraid of sexual predators--I don't fit the demographic, and I'm not stupid enough to meet some unknown person at a shady coffee shop either.

      And my picture? Big deal, check last month's newspaper, because there's a photo of me. What I'm trying to illustrate is the availability of information about me away from the internet, and the futility of trying to protect basic information in the first place. If an attacker (social, sexual, political, or even a government assassin because I heard the wrong conversation somewhere) wants to learn about me, he can. There's risk everywhere, as the parent pointed out.

      --
      I decided to stop stealing cynical quotes to use as a signature line.
  13. Teach internet responsibility in school by businessnerd · · Score: 2, Interesting

    I think a great way to combat issues like this is to start teaching safe browsing in school. We are already teaching them how to use the computer and how to find information over the internet, but are they teaching them how to use the technology responsibly. When I learned how to use a computer in school, we learned what bugs and viruses were, but they weren't as widespread then, so there was no lesson on how you might get a virus, how to prevent getting that virus, and if you do get a virus, how do you repair your machine. This was also before spyware was understood as well as phishing and identity theft. We all saw the movie "The Net", but no one really thought that could happen to them, and could only be pulled off by some elite hacker out to get you, and only you.

    We need to teach the kids that not everyone on the internet is your friend. Not everyone on the internet is who they say they are. You can protect yourself from malware by using safe browsing behavior (don't click OK at every message that pops up, smiley face add-ons are not so smiley). Never give out personal information on the internet unless you are absolutely positive that the person you are giving it to is in fact who they say they are, and there is a legitimate reason for it. This means no SSN, phone number, credit card/bank numbers, address, etc.

    Like I said earlier, when I was in school, all of this was not really a concern, so I'm not sure if schools are actually teaching this kind of stuff.

    --
    "It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
  14. Without these sites, Chris Hanson is unemployed by fatnicky · · Score: 2, Funny

    How many social researchers salivate when they hear "Hi, I'm Chris Hanson with Dateline NBC".

    The industry alone should be salivating, for all the pedo-rific jaw dropping action that goes on in a pedo bust.

    Without myspace or any of these, what kind of pedos would we watch get busted on Friday night.

    There's only so much Michael Jackson to go around.

    If you'll excuse me, I just met a 19 (12) year old kid and am going to drive 300 miles away to meet them. (And yes, I always have protection, erotica, booze, and her favorite perfume with me, you know, just in case...)

    .

    [disclaimer: this is a joke, no cop calling please.]

    --
    Free childcare classifieds: www.carebrite.com
  15. Brilliant! by evil_Tak · · Score: 2, Funny

    So...places where lots of social networking occurs are good places for social engineering?!

    Next you'll be telling me that places with lots of water, fish food, and fish habitat are good places to go fishing!

  16. Re:it holds true for myspace by WhyDoYouWantToKnow · · Score: 2, Informative
    No.

    True, the white pages are an opt-out system. All you have to do when you sign up for new phone service is ask for an unlisted number; some operators will give you the option during the call. If you choose to have your number listed, while it will be available through directory assistance, your number will not be listed in the local white pages until the new book is published. Even then, with the local white pages your number is only seen locally.

    With MySpace, your information is instantaneously available to not just your local weirdos but weirdos nation and world-wide.

    Another problem with MySpace, people can create accounts for you and post information about you and you may be completely unawares. While you can get these accounts closed (though I hear it's not easy to do, I have no experience with this), how do you know to have this account closed unless you or someone who knows you stumbles upon this MySpace page that has your home address, maybe your phone number, perhaps the ages of your children, you're wife or husbands daily routine, etc. Information ad nauseum, far more than can be found in your local white pages.

    --
    "Oh drat these computers, they're so naughty and so complex. I could pinch them."
    Marvin the Martian
  17. Re:Another place to fix it - backup identities? by WhyDoYouWantToKnow · · Score: 2, Funny

    I wonder if people should have backup identities

    Hi, my identity was recently stolen so for today I'm going to be... Bob. I'm a middle aged career... actuary? Actuary, is that right? Okay. I have... three kids and a mortgage that's 2 months overdue. But I didn't buy that house, this is just my backup identity. Wait, what do you mean there's a warrant out for my arrest. I've never even been to Georgia.

    --
    "Oh drat these computers, they're so naughty and so complex. I could pinch them."
    Marvin the Martian