Safer Internet Day - The role of Security within Social Networks

Amichai Shulman - CTO and co-founder of Imperva

Redwood Shores, CA, (PresseBox) - Last week researchers unveiled a "dating database" consisting of 250,000 users. This was not just any ordinary dating site where one registers to and agrees to post their information. Rather, the dating profiles were based on public information that the researchers gathered from Facebook profiles. Many people at this point cried out "Privacy!". However, let us take a step back and remind ourselves that it is these users who were not concerned to publically publish their data in the first place! By consenting to Facebook's term of services, they are actually agreeing to relinquish their information to a public website. With this in mind, it may be safe to say that if a user indicates their religion, or ethnicity, on Facebook they do so because they want other users to know this information and are willing-even implicitly-to take the chance that a (hypothetical) racial classification application will have access to it as well. It may also be safe to say that people who post a named defamation of their boss on their wall-or their friend's wall -are willing to take the chance that their boss may see the post. That is the essence, or rather lack thereof, of privacy.

In terms of social networks, it is security which we need to be wary of. Security controls the way in which people use the information of others. It is a way to ensure that people cannot invoke functionality on behalf of other users, and that delinquents cannot use the system to distribute malware. It is a way to make it difficult to hack into someone's account using a brute-force attack. Security enables us to integrate social networking applications into our business environment without affecting the integrity and confidentiality of business data.

In today's social networking platform, security is the threat. Web 2.0 vulnerabilities are quickly translating into massive worm out breaks. One such example is the notorious Koobface worm which is still propagating even though researchers have been attempting to contain it for the last few years. Even basic best practices, such as the use of SSL for authentication purposes, are not closely followed.

Nevertheless, we are starting to feel the winds of change. Recently, Facebook made changes to account SECURITY to reduce account hijacking incidents. Just a few weeks ago a new authorization scheme was put in place that requires one to identify their friends in case of an alleged account take-over. As social networks attempt to increase their user base, penetrate the business environment, and roll out new services (such as Facebook's new webmail) we should expect social platforms to invest more resources in improving the SECURITY posture of the platform. These measures will provide improved protection against application layer attacks, stronger authentication and account control features, and better malware detection systems.

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

Was ist OPSEC?

Un­ter OPSEC (Ope­ra­ti­ons Se­cu­ri­ty) ver­steht man im IT-Um­feld die Sum­me von Pro­zes­sen und St­ra­te­gi­en zum Schutz kri­ti­scher Da­ten. OPSEC ba­siert auf fünf ite­ra­ti­ven Teil­pro­zes­sen, die es nach­ein­an­der zu durchlau­fen gilt. Ur­sprüng­lich stammt der Be­griff OPSEC aus dem mi­li­täri­schen Be­reich.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.