Social network security: Where is the outrage?

By | March 3, 2010, 9:03am PST

Summary: Companies such as Twitter, Facebook and others have to make a commitment to validating and certifying that their network infrastructure is resilient to everything

Jennifer Leggio is at RSA Conference

Guest editorial by Kyle Flaherty, BreakingPoint Systems

Do you have an iPhone? Of course you do, you are reading a blog dedicated to social media. If you don’t have an iPhone you are probably even more cutting edge with a fancy Droid, or perhaps you are just waiting for that iPad to arrive. Whatever you have in front of you, check out the back of your phone; you’ll see a variety of logos, each representing some performance or safety standard for the phone. Now pick up your refrigerator and…oh never mind, I’ll just tell you that somewhere on every appliance in your house is this:

Along with a bunch of other logos, all of which mean that it has been evaluated against a certain standard and under realistic conditions. The most famous is the one above for Underwriters Laboratories, and that logo lets us consumers know that when we plug in that microwave or fridge it won’t blow up the fuse box or grow titanium legs and become our appliance overlords. The reason it has the UL “stamp of approval”? It has been validated for hours and hours on end, through a battery of real-world scenarios, and certified that it will perform as expected.

Now, a pop quiz. What undergoes more inspection and certification under real-world scenarios, that fridge or the network infrastructure holding up your favorite social network? It’s the fridge. The result of course is that Twitter (or name your fave social site) not only has difficulty performing, but continues to be a harbinger of nasty malware and viruses.

This is not to pick on Twitter. I’ve been using the service since December of 2006 and I realize that we get what we pay for when it comes to any of these services. My concern is that as these networks become more ubiquitous in our lives, users never stop to question these problems and we never institute a set of standards to measure and certify the performance and security of the devices that run these services.

As I sit here writing this post I’m getting dozens of direct messages from folks offering me ways to make millions from the comfort of my own home or to check out their webcam, and these are people I know well. Unfortunately their Twitter accounts have been compromised, and it is happening all the time on every social network. And this is only the tip of the iceberg. It is predicted that in 2010 social networks will be the number one source of malware. They are also a safe haven for botnets to do their bidding, whether that is spamming campaigns or stealing information.

The last time it was this bad (that week it was the performance) I wrote “Open Letter to Twitter: Can We Help?” on my company blog:

BreakingPoint wants to help Twitter by providing the use of its server load testing product and wicked smart folks (sorry, the Boston still in me) to help assure the resiliency of your company’s network devices, servers and overall data center infrastructure.

In the months that have passed it has only gotten worse.

Resiliency is Key

Social networks rely on network and data center infrastructure to reach us all. In some instances this may be a cloud computing scenario, in others something they have built themselves. Most likely, as in the case of Twitter, it is a mix. As we already mentioned above, the equipment that makes up this infrastructure has not been assessed as thoroughly as your microwave. All of this equipment must be certified to be resilient to handle the complexity and chaos that is today’s network traffic. Network resiliency is the ability to remain high performing while remaining stable and secure.

Companies such as Twitter, Facebook, Amazon EC2, Google and others, have to make a commitment to validating and certifying that their network infrastructure (or their cloud computing partner) is resilient to everything, from maximum user load to a major cyber attack. For too long these companies have collected our information while taking little responsibility for properly securing our experience. When do you think these companies will move in the direction of resiliency certification? Perhaps after an immense attack, such as Google looking for help from the NSA after the cyber attacks in China. Or when users start to become appalled and demand their services provide a promise of resiliency.

Well I don’t wish the former upon anyone, therefore let us focus as users of these services on the latter. Each time you see another spammy DM or wall post I want you to do two things:

  1. Change your password…you should do this each week anyhow
  2. Be outraged that the service you are using has not properly certified the resiliency of the infrastructure that houses your information and in some cases your reputation

It is time to get outraged and perhaps then we will start to see change.

Kyle Flaherty also blogs for BreakingPoint Systems about cyber security simulation and validating the resiliency.


Jennifer Leggio, aka "Mediaphyter," writes about the "social business" side of social media - including enterprise, security and reputation issues.

Disclosure

Jennifer Leggio

Jennifer is employed full-time with Fortinet, a leading network security appliance vendor. She is also actively involved in the network security community and works with the Security Bloggers Network. She co-manages the annual Security Bloggers Meet-UP at RSA Conference.

Jennifer is also involved with Silicon Valley Tweet-Up, a philanthropic networking event that brings people together to raise money for local family-oriented charities.

The blog posts here are solely her opinion and do not represent her employer or any other organization with which she may be affiliated.

Biography

Jennifer Leggio

Jennifer Leggio (@mediaphyter) has been a communications professional for more than 15 years, focusing primarily on enterprise technology and security. She is currently the director of strategic communications for a leading network security vendor. Jennifer is also passionate about all things social media, especially enterprise, security, privacy and reputation issues, which is why she writes about these things for ZDNet.

A well-connected communicator, Jennifer has led or supported interactive social networking efforts for security industry conferences including RSA Conference, Black Hat USA and SOURCE Conference, and founded the Security Twits, a community for network security professionals. She also helps run communications for the Security Bloggers Network.

Finally, Jennifer co-hosts the Quick'n'Dirty social media podcast with Aaron Strout, is a founding member of Technically Women, a communal blog project, and manages marketing and public relations for Silicon Valley Tweet-Up, a networking group that raises money for family-oriented charities. Jennifer was profiled in Silicon Valley San Jose Business Journal's "40 Under 40" edition, as a rising star for 2009.

Talkback Most Recent of 30 Talkback(s)

  • You have zero credibility now
    UL = Underwriters Laboratories

    And the link is broken.
    aep528
    3rd Mar 2010
  • She lost me at
    If you don’t have an iPhone you are probably even more cutting edge with a fancy Droid, or perhaps you are just waiting for that iPad to arrive
    John Zern
    3rd Mar 2010
  • RE: Social network security: Where is the outrage?
    I was reading a report on bots and I can tell you
    there are TONS of bots on Facebook -- I asked
    'security' if they are to run the games.... NO ANSWER.
    I went to my privacy page, and 'block' and entered
    'auto bot' and many variations thereof -- there are
    literally HUNDREDS, if not a THOUSAND, bots -- auto
    lab, automatic lab, automatic laboratory (ies), manual
    lab, ghost, private, auto bot, au to, etc... if you
    can think of a way to hide it - there it is!! I've
    blocked many but it seems neverending! I do not know
    if I even should be blocking. No one will address
    this issue. Facebook Security has not issued a
    statement.
    italiandiva755
    3rd Mar 2010
  • Bogus Virus Warnings
    Because of a hot local issue, I've been on Facebook more this week than I've been all year, and sure enough I got several ostensibly legitimate pop-ups warning me that my computer was infected and I should download this application right away to fix it. The popups *looked* like they were from Microsoft, but I'm pathologically suspicious of gratuitous .exe files. I had a hard time making them stop (hitting "Cancel" only generated another instance, but closing IE entirely finally stopped the onslaught). Just in case, I immediately ran a full Trend Micro scan and found nothing more than a couple of errant cookies -- but it was nerve-wracking because I'm not at all tech savvy (unless you count being smart enough not to download those stinkin' .exe files). It had to be Facebook because I generally don't have these problems.
    cyoungcl@...
    3rd Mar 2010
  • You want to be REALLY secure?
    Don't use these stupid social networking sites.
    IT_Guy_z
    3rd Mar 2010
  • You want to be REALLY secure?
    I'm glad I'm not the only one that thinks these sites are dumb!

    To all the social networkers: open your front door, breathe in some fresh air and enjoy planet earth! Take your phone and burn it because these companies have you eating out of their hands!
    rob.sharp@...
    3rd Mar 2010
  • exactly...
    This w/ Twitter not two weeks ago:

    http://blogs.zdnet.com/Howlett/?p=1825&tag=nl.e539

    And Facebook is just as bad
    SonofaSailor
    8th Mar 2010
  • RE: Social network security: Where is the outrage?
    I email Microsoft each and every time I am offered prostitutes on their official Live website.

    And bless them they write back, often saying they are as cross as I am. They should be crosser, since they've wasted their Social Network investment while I've only wasted a few minutes.

    Spare a thought for the working girls with wasted lives.

    DH
    David 1/2d
    3rd Mar 2010
  • RE: Social network security: Where is the outrage?
    You're a total idiot if you believe you have ANY security
    in social networks! It will take a catastrophic event to
    open your eyes and you will probably still think you need
    it.
    Redeye Dog
    3rd Mar 2010
  • RE: Social network security: Where is the outrage?
    Here's your outrage!
    Live in the real world people! When will everyone realize social networking is just the latest fad? Remember when hosting your own web site was cool? This will join those ranks in another year or two. Look how many idiots have landed themselves in hot water because of the posts to Twitter (dumb), Facebook (Dumber) and Myspace (dumbest)!
    rob.sharp@...
    3rd Mar 2010
  • Same old song with a different tune
    The reason that nobody cares about the security of
    social networks is this:

    In general, these are the same users who don't give a
    hoot about spyware, trojans, malware and viruses and
    ignore the incessant pleas from their PCs or are just
    too damn lazy to update their definitions and
    software. I have found this to be particularly true
    with younger users who will click on anything and
    whose parents/boss/IT guy bails them out months after
    they click on something bad and their PC grinds to a
    halt. If more users paid attention to these issues,
    it would no longer BE an issue.

    I don't know about you but I use Facebook and I stop
    and think about it before I click on or accept
    anything because I'm aware of the possible
    implications.
    twirth5
    3rd Mar 2010
  • RE: Social network security: Where is the outrage?
    "Where is the outrage?" you ask? It's nowhere because there's nowhere to be heard. My wife has a fairly common name. Suddenly, people were posting on her Facebook page. She tried to complain to Facebook and they denied it could happen. Then she found someone on Facebook with the same name. After contacting her, she said she was getting people posting on her page, too. And again, Facebook denied it could happen.

    Basically, there's no outrage because the social networking providers are in denial. An independent social networking referee is needed. When users are warned away, the membership will stop growing, begin to shrink, and only then will the providers begin to get serious about security.
    jrmcq1
    3rd Mar 2010
  • RE: Social network security: Where is the outrage?
    I stopped using all of them about the beginning of September 2009 and warned all who were connected to me to do the same... Facebook, Twitter, all of them just invite problems which I do not need. At least my current emails seem more protective, and I can block who enters my system to a better degree. That's a close enough contact for me... I don't really want to know when my sister jumps on her "potty" chair!
    roderw
    3rd Mar 2010
