Social Networking – Some elementary security

Thanks to my shiny white teeth I’d like to promote this latest service…

No, not really!
As some of you may have noticed, last week my Facebook status was updated some time before I woke up on 28th December with what was clearly an ad for teeth whitening.

I am still baffled as to how this information was placed on my profile page, as I consider myself to be careful with my passwords. It’s interesting to note that the page was updated from the Facebook mobile portal, which I don’t use due to the high cost of Internet access with my current GSM carrier. Shortly after I discovered and deleted the status, I also changed my password to something even more secure.

But passwords are not the only weak link in your profile. The third-party applications that you authorise to access your page can also cause problems, and some app writers do not provide adequate security for your data. RockYou, a commercial provider of some applications for Facebook and MySpace, looks like it’s going to be hit with a class action after a breach of their security.

The suit accuses the maker of apps like “Slideshow” for MySpace and “Superwall” for Facebook of making its unencrypted customer data “available to even the least capable hacker.”
http://www.wired.com/threatlevel/2009/12/facebook-app-data-breach/

I don’t add many applications to my profile because I don’t like the authorisation you need to give them, but this is not the only area in which people are lax in their security. A really common practice on many sites is allowing users to easily find their friends online by providing their Hotmail, Yahoo, Gmail or MSN email address and password.
There are two problems with this. Firstly, you are trusting the site you’re on to do the right thing with your password. Secondly (and possibly more importantly), you’re building up complacency with your password so that, when logging into a site you don’t know or haven’t even heard of before, you have no issues with providing your email address and password as if it means nothing at all.

If you think your email address doesn’t mean anything to you and this is not an issue, you’re wrong. Access to your email means access to many other things that you use online. Think about all your contacts, subscriptions, website memberships, banking and anything else you’ve handed your email address to, and think what would happen if someone maliciously went through everything you did so you were no longer in control of your identity.

I never use these “find friends” systems, and while I strongly recommend that you don’t either, I accept that they can serve their purpose. If you are going to use them, then make sure that it’s on a site that you know or consider to have integrity.

