CSO - You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace.
Unfortunately, that's not the case.
The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become.
The dangers of these games were part of a larger talk on social networking dangers at the 2010 ShmooCon security conference. Indeed, social networkers are in danger from all corners, be it from malicious Twitter bots you think is a celebrity following you or that hot model who friended you on Facebook, hoping you wouldn't notice that she's nothing more than a phishing hook.
In their talk, "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood continued what they started in their "Social Zombies: Your Friends want to eat Your Brains" presentation at DEFCON 17.
They presented new techniques and tools used to exploit people on these social networks. They also examined how all your profile information is being used against you and eroding your privacy [related story: 6 Ways We Gave Up Our Privacy].
"Facebook has 350 million users with 12 million logging in daily. Twitter is getting 6.2 million new users a month. The target base keeps growing," said Eston, a penetration tester for a Fortune 500 financial services organization.
In one of their more colorful examples, the trio explained how actress Jessica Biel is the most dangerous woman on the Internet because of all the fake profiles of her scattered throughout the social networking landscape.
People on Twitter are easily duped into thinking Biel is following them in Twitter. The Facebook folks proudly count her among their friends, not realizing the page is really under the control of a malicious operator who wants you to click on malicious links on the page.
Then there's Blippy, a social network billed as a "fun and easy way to see and discuss the things people are buying." The presenters noted that penetration testers absolutely love this platform because of the naked insight it offers into the spending habits of specific individuals. They also shared a favorite quote making its way around the infosec community: "I joined Blippy and all I got was jacked at the ATM."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts