|
|
Sangeetha Sridhar Articles | Other useful Articles
( Continued
from Page 01 ) Websites that offer to host private user accounts for free and provide free networking tools to interact with your community of friends are alluring not only common users but also cyber criminals who vandalize these systems to penetrate into private lives and cheat on innocent users to reveal their private information. Due to large uptake of such interactive opportunities and the rich media user-generated content that makes these sites so popular also has several technical and social loop holes. The vulnerabilities are exploited by motivated individuals who are also members of these communities under false identity. Last week we discussed what the potential risks in being a members of these social networks and some of the most popular networks. It is time to learn cyber safety practices that are a must for both companies offering such web services and also the user community. According to Websense Security Labs report, several Distributed Denial Of Service (DDoS) attacks on social networking sites such as Twitter, Google Blogger, LiveJournal, and Facebook in the recent times has frustrated legitimate users. If this is not enough, misuse of message options, identity thefts, phishing scams have also crept into these forums through malicious users and malware. What they are doing? Social networks are fighting hard to live up to the trust of their community members. They have identities established to notify fraudulent practices within their forums. For example Facebook has recently enhanced its ‘Report Abuse’ feature to include granular reporting to improve source content filtering. Users can become a fan of "Facebook Security" and receive updates on how to protect their accounts. According to their official blog, users can select from “nudity or pornography, drug use, excessive gore or violence, attacks individual or group, advertisement or spam or infringes on your intellectual property” when reporting violating images. Twitter terminates accounts for a variety of technical abuse violations and black-lists them. Users can follow official ‘spam’ profile accounts to report spam abuse through direct messages. In this manner they are using used social pressure to spot criminals within the community. Both Facebook and twitter have developed automated systems that detect compromised accounts. They also identify and lock-up accounts that distribute exceptionally high number of messages. Most social network sites have restrictive user policies and they also undertake ongoing circulation of educative messages to stay safe online. The Open Web Application Security Project (OWASP) community is working under a free and open software license scheme to promote secure applications by promising application security researchers with project grants for tools, guides, surveys, and much more. Their efforts can help assure security at the application level but only if the social networks are part of this alliance. What you can do? To stay safe and yet utilize
these networking opportunities, users must also follow certain precautions.
Limit the amount of personal content and avoid posting phone, address and other
contact details. Do not expand your network with ‘Friends of friends’ without
discretion; generally stick to people you have come across in real life and do
not hesitate to block anyone online who makes you feel uncomfortable. Do not trust all messages posted here. Fraudsters hack into user accounts and post messages from these stolen identities. Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't. Be selective in responding to invitations to join new social networks. Beware that not only your friends but several criminals also lurk there. Young adults and children must be educated and warned about predators who make friendly relationships online and then persuade to meet them in person. Using a range of personal details posted on these open forums, criminals can make surprising profile that pin-points a user’s identity in the real world. Sometimes this rich information is harvested by malicious people to cheat you or your own online friends. Just like emails, do not click on web links attached to messages if you are uncertain about the source or content. Most social networks offer a restricted profile option that requires your approval to connect to your profile, which can be safety used. Never allow social networking services to scan your email address book, or publish your profile in an open directory. Be discrete in what images of messages you upload online as the Internet is itself a public domain. Even deleted profiles have their old data archives or cached somewhere and can be misused. Use strong passwords, change it frequently and never share your user account even briefly with anyone. As revealed in the Web Hacking Incidents Database (WHID) 2009 Bi-Annual Report from Breach Security Labs, about 19% of hacking incidents happened on social networking sites where the exploiters use user-generated content to launch security attacks. It is likely that cyber criminals have turned towards more popular sites to cause maximum damage with their limited efforts. Security as system works only when user are prudent and cautious and the companies operating these sites also implement secure web applications and monitor the ongoing activity vigilantly. The author is a technology evangelist working as consultant at the Information Technology Authority of Oman and can be contacted at sendsangita@gmail.com or through her blog at http://digitaloman.blogspot.com or on twitter at http://twitter.com/sangitasridhar.
| ||||||||||||||||||||||||||||||||||||||||
|
