CSO - You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace.
Unfortunately, that's not the case.
The sad fact is that these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming. And the more you expose yourself, the bigger the target you become.
The dangers of these games were part of a larger talk on social networking dangers at the 2010 ShmooCon security conference. Indeed, social networkers are in danger from all corners, be it from malicious Twitter bots you think is a celebrity following you or that hot model who friended you on Facebook, hoping you wouldn't notice that she's nothing more than a phishing hook.
In their talk, "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood continued what they started in their "Social Zombies: Your Friends want to eat Your Brains" presentation at DEFCON 17.
They presented new techniques and tools used to exploit people on these social networks. They also examined how all your profile information is being used against you and eroding your privacy [related story: 6 Ways We Gave Up Our Privacy].
"Facebook has 350 million users with 12 million logging in daily. Twitter is getting 6.2 million new users a month. The target base keeps growing," said Eston, a penetration tester for a Fortune 500 financial services organization.
In one of their more colorful examples, the trio explained how actress Jessica Biel is the most dangerous woman on the Internet because of all the fake profiles of her scattered throughout the social networking landscape.
People on Twitter are easily duped into thinking Biel is following them in Twitter. The Facebook folks proudly count her among their friends, not realizing the page is really under the control of a malicious operator who wants you to click on malicious links on the page.
Then there's Blippy, a social network billed as a "fun and easy way to see and discuss the things people are buying." The presenters noted that penetration testers absolutely love this platform because of the naked insight it offers into the spending habits of specific individuals. They also shared a favorite quote making its way around the infosec community: "I joined Blippy and all I got was jacked at the ATM."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
