It strikes me as somewhat of a mystery that the social networking explosion has not given rise to equal amounts of reaction to the security concerns it can create. Besides the obviously sensationalized issue of "bullying" or intimidating through this personal medium, the greater issue of security is a significant concern that should be thoroughly thought about and discussed.
Consider a typical social networking environment in which users are able to link with friends, distribute topical commentary and share an endless supply of content treasures discovered by even more endless "circles of friends." I will admit, there are some nuggets of gold to be had within these social circles and content sharing, but there are also many nuggets of pyrite (fool's gold) with sinister intention hidden in the seemingly endless treasure trove of links.
By dissecting the nature of social networking, it is easy to see how a threat can flourish at an alarming rate across a large number of unknowing recipients. The "circle of contacts" users typically befriend consists of people they know and inherently trust, and because of that assumed trust, one would not expect these contacts to knowingly distribute malicious links or content. Unfortunately, trust is not 100 percent guaranteed: it can be compromised when hackers discover login credentials and push their attack items to the trusted contacts from that login. Even more alarmingly, third-party applications inherent to social networks have been identified as sources of malicious intentions. Obviously the social networking vendors are taking security seriously and scrutinizing externally developed applications before they are published on their networks, but unfortunately, as seen in 2009, there will always be a highly motivated developer determined to push their wares on unsuspecting recipients and figure out a way to bypass security measures.
What does this mean? Is it safer to boycott social networking and step back into non-digital mediums for social interaction? This won't work, as social networking has an established foothold in the everyday lives of millions, and the perceived value far surpasses the potential threats. So that leaves us with the question of security and how we can apply security processes, tools and techniques to this new generation of applications, ensuring freedom of use without risk of compromise.
Think about the basics - regardless of the increasingly sophisticated delivery method of threats, many of the traditional protection methods are still valid. By ensuring the most recent security patches and updates for operating systems and applications are applied, you are staying ahead of (or just behind) the curve of attack opportunities. Use of desktop security software is an absolute must, as the vast majority of attacks will still rely on the ability to install and execute some code from the desktop system. If you have a reliable desktop security product and it is up to date, many of these attempts by attackers will be thwarted, ensuring you do not fall victim to an attack carried by social networking.
As Fortinet cyber security and threat researcher Derek Manky says, "Think before you link." Make a judgment call on links that claim to offer "so-called internet gold". Does that YouTube link forwarded to you actually take you to YouTube? Did you verify the domain in the URL? Youtube.com can look like y0utube.com at a glance. Avoid links on a Web page that suggest updates to applets or applications - more than likely the application will have its own update mechanism and will guide you through an update if necessary, rather than through a proposed "click to upgrade" link.
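One way to automate the domain check described above, as an added example that is not part of the original article: it extracts the host a URL actually points at and compares it with a short allowlist. The `TRUSTED` list, the substitution table and the sample URLs are constructed assumptions, and the last-two-labels rule ignores multi-part suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration: domains the reader expects to visit.
TRUSTED = {"youtube.com", "facebook.com", "twitter.com"}
# Common digit-for-letter substitutions seen in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
# Constructed sample links; only y0utube.com comes from the article.
SAMPLES = [
    "https://www.youtube.com/watch?v=abc",
    "http://y0utube.com/watch",
    "https://youtube.com.example.net/login",
    "http://youtube.com@203.0.113.5/x",
    "https://example.org/",
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL points at."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Exact match, or a true subdomain of a trusted domain.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # Naive registrable domain: the last two labels of the host.
    registrable = ".".join(host.split(".")[-2:])
    normalized = registrable.translate(HOMOGLYPHS)
    for d in TRUSTED:
        # Digit swap (y0utube.com), one-character typo, or a trusted name
        # used as the leading labels of some other domain.
        if normalized == d or edit_distance(registrable, d) <= 1 or host.startswith(d + "."):
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_link(url):10} {url}")
```

The `youtube.com@203.0.113.5` sample is classified by the host after the `@`, which is where a browser would actually connect.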
Be social, but be safe.
Anthony James, vice president of products for Fortinet, has 16+ years of networking and high-tech product experience. His objective is to help ensure Fortinet’s continued market leadership and technology innovation, and to proliferate the value of ASIC-accelerated, consolidated security as the core function in protecting the world’s enterprises.
[Disclosure: Fortinet is also Jennifer Leggio's employer]