Is anyone really surprised that social networking sites such as Facebook and Myspace were discussed at this year's Blackhat in Vegas? The entire purpose of the genre is to share data, which can be difficult to do securely. According to one presentation, though, they aren't really even trying.
From Information Security Magazine:
Social networks like Facebook and MySpace are perfect models for the three D's of insecurity: insecure by design, insecure by default and insecure in deployment.
According to a pair of security consultants who spoke at the 2008 Black Hat briefings, security is clearly not part of the business model for owners of these wildly popular Web properties.
* * *
Speaking to a Black Hat audience in a rapid-fire, free-wheeling session Thursday, their key message was that when sharing something on a social network, assume it's going to be public.
If you give credit card information to Facebook, which it warns users not to do, you deserve to fail.
The duo demonstrated a series of all-too-easy MySpace attacks, which combine social engineering and technical hacks against an end-user population hungry for peer interaction and imbued with trust.[From MySpace, Facebook ignoring basic principles of security]
Leave a comment