Ask the Expert

What are the risks of social networking sites?

What threats are posed by the popularity of social networking sites like MySpace and YouTube?

    Requires Free Membership to View

The most prominent threats fall into two categories: technical and social. From a technical perspective, these social networking sites are, in reality, Web sites that allow hundreds of thousands of people to post content: on-line profiles, videos, and/or commentary. With all of that information coming in, malicious users are constantly trying to post malware, specifically browser exploits, to these sites. Attackers hope that if they are able to successfully load content containing a browser exploit, they can then take control of browsers by convincing other users to view their content.

Beyond browser exploits, an attacker can post a script on a social networking site that will run inside the browsers of those who view the content. This variation of a cross-site scripting attack is what the so-called Samy worm did in MySpace in October 2005. The author of this worm updated his profile with a script. Whenever any other user read his profile, this script would run in that user's browser, adding the Samy author as a friend in MySpace. The script would then add a copy of itself to this user's profile. When other users read any of the script-infected profiles, they too would be added as a friend to the Samy author and have their profile updated. Within an hour, the Samy author had hundreds of thousands of friends in MySpace.

Because of this major risk, most social networking sites carefully filter out scripts and browser exploits posted within user content. Their filters are not perfect though, and sometimes a unique encoding scheme or obscure scripting trick makes it through, resulting in an attack like the Samy worm. Therefore, you should defend yourself by running an up-to-date browser and an antivirus/antispyware suite. Also, if you are particularly paranoid, you may want to disable scripts in your browser when accessing social networking sites. You could consider adding social networking sites to a different security zone in your browser, like Restricted Sites, where you could then disallow browser scripts.

More information:
 

This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: