Social Networks Are 'Huge Boondoggle for Bad Guys'

Social networks give cybercrooks a potentially powerful point of leverage, sometimes allowing them to launch sophisticated attacks against businesses. However, companies may be reluctant to institute a zero-tolerance ban on all forms of online social networking. A balance of good education, good policy and good technology must be struck.

You've gotta love social Reach More Customers with Live Chat - Free Whitepaper networking. It lets us make zillions of "friends" all over the world, it's making corporations scramble to meet customer requirements, and it's made Mark Zuckerberg and a few other people very, very rich.

Unfortunately, cybercriminals are among those other people enriched by social networking.

For instance, it's believed cybercriminals mined data on social networks before launching highly targeted attacks that let them breach the systems of companies like RSA and Epsilon recently.

"The social media world has been a huge boondoggle for bad guys, not just in digging up information about you, but also in the vector of attack," said Stuart McClure, general manager, SVP and CTO of the risk and compliance unit at McAfee. "Bart Simpson used to put 10 megaphones together and whisper so it became a huge cacophony of sound. Much the same thing is happening with social media."

McClure's remarks were made at a panel on "Security, Privacy and Risk Considerations in a Social Networked World," held at the Information Technology Security Entrepreneurs Forum at Stanford University recently.

Other problems that crop up in a social networked world include a lack of privacy, and possible weaknesses in the security of the networks themselves.

Cybercriminals and Social Networks

Social networks have proved to be a rich hunting ground for cybercrooks.

They let the bad guys hit hundreds or even thousands of victims with simple attacks such as spoofed, or faked, messages from their friends containing links to sites with malware. Cybercriminals have taken the next step, now scouring social networks for information about prospective targets before launching their attacks.

"The use of social media as an attack vector by malware authors has grown at a pace equal to or even greater than the general use of social networks as a communication medium," James Brooks, director of product management at Cyveillance, told TechNewsWorld.

That's due to the increasing popularity and use of social networks; the availability of tools that can help mask malware threats, such as URL shortening; and a lack of awareness about security on the part of consumers, Brooks said.

Corporations are increasingly being exposed to hacking by savvy cybercriminals who glean information about their employees from social networks.

Controlling Social Network Exposure

Are corporations in general at risk from cybercriminals mining social network sites for data on their employees for use in targeted email attacks? It's quite likely.

If RSA, which itself is in the IT security business, can be hit by cybercriminals leveraging social network sites, which corporation is safe? And what can be done about it?

"CIOs don't know how to deal with the problem of social networks, even though social networking's one of the most widely used technologies today," Russell Thomas, a Ph.D. student in computational social science at George Mason University, told TechNewsWorld.

That makes them vulnerable. Add in budget and time constraints and the inadequate solutions offered by vendors and you have a powder keg just waiting to go up.

"There's only so much time in the day; CIOs have only so much budget, and they look at solutions offered by vendors -- Microsoft (Nasdaq: MSFT), Google (Nasdaq: GOOG), Facebook and so on," Thomas said. "But there's a gap between what social networks enable and the security they offer, and the people who are best at exploiting the gap are the marketers and the cybercriminals."

Instituting corporate policies banning or restricting access to social networks on office computers may not be an acceptable solution.

"You have to enact policies people will follow," Thomas explained. "People under 30 are used to social networks and mobile devices, and they may not follow restrictive policies."

For example, the United States military initially banned social networks, then allowed them and now encourage their use because "it makes the troops feel less disconnected from their families, so they're willing to go into the field again," Thomas stated

What about people limiting the amount of data they put on social networking sites? After all, we don't walk into a shopping mall and begin showing perfect strangers photos of our family and telling them personal details about ourselves. Shouldn't we apply those same precautions on social networking sites?

Trusteer, told TechNewsWorld. "However that would defeat the entire purpose of social networks, which is sharing."

For example, people sign up to LinkedIn to get job offers and business offers, Boodaei explained. They need to expose their names, titles and resumes.

That's all the information cybercriminals need to create carefully targeted email attacks, Boodaei said. "Trying to limit the use of social networks or the content we share on these sites is not likely to succeed," he warned.

Education Is Not Enough

Many security experts suggest corporations implement more user training and education programs.

"While there is no silver bullet to eliminate all threats, education is certainly the key approach, and what you should do first and repeat often," Cyveillance's Brooks said.

"With intelligence gained about potential targets from social networks as well as other areas on the Internet, criminals can obtain the information needed to craft emails that will fool even the most savvy of users," Cyveillance's Brooks said.

Brooks is talking about training employees to adopt a security-conscious point of view. That would include refraining from opening unsolicited emails or clicking on embedded links or attachments without ascertaining the sender's identity first.

However, education alone is not a panacea.

"Education is necessary, but enterprises should assume that cybercriminals can outsmart employees," Boodaei pointed out.

"They need to update their security architecture, which includes implementing solutions that defend against zero-day attacks on endpoint devices," he added.

"The best that can be done is to educate employees, set up a good social media policy, and detect the attacks in progress using the latest technologies designed to stop social engineering attacks," Brooks suggested.

Source: http://www.technewsworld.com/rsstory/72316.html

hawks chicago tribune royal wedding invitation maroon 5 jillian michaels

Brand Wants To Star In Movie With Perry

2 hours ago | WENN | See recent WENN news ?

British funnyman Russell Brand is keen to star in a movie with his wife Katy Perry after their scene in Get Him To The Greek was axed.

The Arthur actor filmed a kissing clip with Perry for the comedy, just before they started dating in September 2009.

The pair became engaged before the movie was released, and Perry's cameo was axed for fear it would be "too cheesy" for viewers.

But Brand, who is now married to the I Kissed a Girl hitmaker, is hopeful he will one day get to appear on screen with the singer.

He tells Britain's Daily Star, "I'd love to star in a movie with my beautiful wife Katy, of course I would. That would be great. I'm up for it."

Report a problem


JavaScript Required

This feature requires JavaScript. Please enable JavaScript in your browser, or use a browser that supports it.

?

Sort: most recent first

Loading...

?


Similar News Items

Katy Perry
Russell Brand
Get Him to the Greek (2010)

IMDb.com, Inc. takes no responsibility for the content or accuracy of the above news articles, Tweets, or blog posts. This content is published for the entertainment of our users only. The news articles, Tweets, and blog posts do not represent IMDb's opinions nor can we guarantee that the reporting therein is completely factual. Please visit the source responsible for the item in question to report any concerns you may have regarding content or accuracy.

See our NewsDesk partners

Source: http://www.imdb.com/rg/rss/news/news/ni9824815/

dts kristin cavallari poplar bluff mo arkansas weather asus eee pad transformer

HTC Sensation on Sale June 8th, Says Sneaky Google Adwords [Blip]

When is HTC's new flagship phone due for arrival? If you believe Google Adwords—bought by HTC to direct searchers to their site first—it's the 8th of June. Apparently some of the official product shots of the Sensation also showed the date of June 8 on the phone too, which just strengthens the idea. Can you wait that long for HTC's dual-core sweetness? [TMO News via Uberphones via UberGizmo] More »


Source: http://feeds.gawker.com/~r/gizmodo/full/~3/iL8i_RTibfI/htc-sensation-on-sale-june-8th-says-sneaky-google-adwords

blazers billy graham mla format chelsy davy ign

Stowmarket Sport: Badminton: Fightback glory for Stowmarket ...

A pair from rival clubs joined forces to earn victory in the ladies doubles final at the 48th Ipswich and District Badminton League Championships at Northgate Sports Centre.

A third game was needed to decide the outcome but Karen Adderson (Meadlands) and Amanda Newcombe (Stowmarket) prevailed, fighting back from 18-13 down in the decider against Sue Poole and Sarah Gooding (YMCA) to win 10-21, 21-13, 21-19.

Source: http://stowsport.blogspot.com/2011/04/badminton-fightback-glory-for.html

ecards magic johnson steve jones free e cards brigitte bardot

Is Celebrating Death Appropriate?

Civil rights attorney Arsalan Iftikhar says Bin Laden's death is a reason for Muslims to celebrate. The head of Washington D.C.'s national synagogue Rabbi Shmuel Herzfeld questions whether celebrating a death is ever appropriate. Host Michel Martin speaks with Iftikhar and Rabbi Herzfeld about the impact of Bin Laden's Death from a spiritual perspective.

Source: http://www.npr.org/2011/05/02/135920809/is-celebrating-death-appropriate?ft=1&f=1016

tyrod taylor doodle for google chuck norris john stamos flowers online

Google Voice and Sprint Make a Very Nice Couple

couple holding handsGoogle and Sprint?s integration of Google Voice is just starting to become available, and if you are a Sprint user with a smartphone, you should seriously consider playing matchmaker.

The idea is pretty simple.

You go to Google Voice, sign up with a Sprint number, and your phone magically turns into a Google Voice phone. Existing users can go into their list of phones and click a link to turn their Sprint phone into the magic phone.

By choosing to integrate Google Voice on your Sprint phone, you get the best of both worlds with a few caveats ? and it?s especially cool if you are new to Google Voice.

If you don?t already have a Google Voice account, it?s quite simple. Your Sprint number simply becomes your Google Voice number ? without having to port it over ? making it super easy to have one number to rule them all.

For those who aren?t familiar ? that means that you can set your cellphone number to ring all your phones and even your computer through a Gmail account. You get voicemails transcribed and sent to your e-mail. You can set rules for each caller, and get cheap international calls. You can see the texts sent from your phone online, screen calls and send texts from your number from Google Voice.

All calls, except international ones, use Sprint?s network so you still get the benefit of reliable call quality. International calls are routed through Google?s pre-paid, low-rate service.

For those with existing Google Voice numbers ? or those like me who have already ported over a number to Google Voice, the process works the opposite way.

Namely, your Google Voice number largely becomes your cellphone?s number. Once you turn the feature on, all your outgoing calls and texts from your Sprint phone automatically use your Google Voice number.

Previously, if you wanted this, you had to set Google Voice for this and use the Google Voice app to send text messages. Now any text-message program will send out SMSes using your Google Voice number.

Even better, all calls use your Google Voice number ? but you will no longer use Google Voice?s servers to make domestic calls. Previously, Google Voice calls worked much like a calling card, adding an intermediate hop that too often added static to the call.

With the integration, domestic calls sound clearer using only Sprint?s network. And since these calls go through Sprint, you get the benefit of Sprint?s free mobile-to-mobile calls for its smartphone plans ? which isn?t possible for those using the Google Voice app.

International calls will, however, automatically go through Google Voice, using its low, pre-paid rates.

Voicemail is now natively handled by Google Voice, but the default voicemail app won?t show them. You?ll have to find them in the Google Voice app.

This introduces the one of the oddnesses for existing users turning this on. You?ll have to make changes to your Google Voice app. The easiest way to do this is to switch this on for your phone on the Google Voice webpage, then uninstall the Google Voice app from your phone, then re-install it.

This will keep your phone from continuing to make calls through Google Voice?s servers.

The other big issue for existing Google Voice users? MMS, which is basically text messages with photos.

Google Voice numbers can not accept MMS messages. Any MMS sent to your Google Voice number will disappear into the digital dead-letter office, with no notice to the sender or recipient.

You can send an MMS from a Sprint-Google Voice phone through the native text-message app, but it will be sent out showing your Sprint number, not your Google Voice number. You can receive MMSes, but also only if people send it to your Sprint number. For new users turning their Sprint number into their Google number, however, sending and receiving MMSes is just fine.

But given that the real point of Google Voice is that people only need to use one number for you, this is a big drawback for current Google Voice users.

There?s also something oddly unfair for Google Voice users who pined so long to port their number from their cellphone to Google Voice, which didn?t happen until late last year. Now that decision, which cost $20 and time on the phone with a carrier, penalizes existing users. My colleague David Kravets and I would both love the option to port our numbers back to Sprint, and a refund wouldn?t be bad either.

One other annoyance: Gmail allows you to call out using your Google Voice number, and lets you send SMSes from Google Chat. However, those SMSes don?t come from your Google Voice number. To use your Google Voice number for SMSes sent from Gmail, you have to set Voice to forward SMSes to your e-mail and then reply to them as if they were e-mails. Alternately, you can open Google.com/voice and send SMSes from there ? but that shouldn?t be necessary.

All-in-all, though, the new Sprint integration is a no-brainer for existing and non-Google Voice users. The integration largely hides the mechanics of Google Voice while making your phone life much more feature-rich.

And unlike porting your number to Google Voice, it?s simple to turn on and easily reversible if you find you don?t like the service or get creeped out by having Google take over another part of your information life.

Photo: rcastag/flickr

Source: http://www.wired.com/epicenter/2011/04/google-voice-sprint/

royal wedding invitation maroon 5 jillian michaels new orleans hornets backstreet boys