LinkedIn, Facebook, Twitter Users Beware
[FUD Watch with CSO Senior Editor Bill Brenner] The headlines are full of doom and gloom about attacks against Twitter, Facebook and LinkedIn users. Take this threat seriously, but don't let the alarming headlines drive you away
By Bill Brenner , Senior Editor
January 08, 2009 — CSO —
When reports surfaced this week about attacks on Twitter and LinkedIn, I took notice. I use these social networking programs extensively, along with Facebook.
Looking at the specific nature of the attacks, this seems like more than FUD. It is something to be taken seriously, given the deep penetration of these sites in the business world. But don't be spooked by headlines suggesting this threat is something new. It has existed since the day these programs went live.
Social networking is increasingly part of our daily lives. For some, it's as natural as breathing. People post status updates to their Facebook pages from their mobile phones (my dopey but lovable cousin likes to do this while driving to work at rush hour). The line between real business and personal business is mushy and deteriorating. This makes it a tempting target for those who would exploit security holes in the technology. That's especially true when it comes to social engineering attacks -- where the bad guy sends out what appears to be legitimate messages from legitimate contacts, duping people into opening messages and URLs that are laced with malicious code.
My use of these programs shows how the line between the personal and professional has blurred.
I use LinkedIn exclusively for business. I use it to build my base of contacts in the security world and it has become an online Rolodex of sorts. When I'm looking for people to interview for something I'm writing or I want to assign guest columns, I reach out to people on LinkedIn. From there, I set up phone interviews or go back and forth by e-mail for those who are more strapped for time. It has become what the old-fashioned phonebook and Rolodex were to me 15 years ago, when my journalism career began.
I use Twitter to make quick contact with my security sources and to ask general questions of those in my network. But it often becomes a place where we just chat about everyday life, TV shows and the weather. The casual nature of it makes Twitter a particularly easy target, as we saw with the recent Twitter incidents.
Then there's Facebook, the grayest program of all for me. Most of my security contacts are on there and I often use it to get a business-related message out. I also use it to display all the content I create for CSOonline, as do many of my colleagues and industry associates.
Understanding malware techniques and the ever-more sophisticated cybercrime ecosystem
Virtual analysis misses 1/3 of malware?
Advanced evasion techniques emerge
Organized cybercrime revealed
The rise of anti-forensics
The botnet hunters
Timeline: a decade of malware
- Enterprise File Sharing: All You Need to Know
- Forrester Research and EMC on Continuous Availability
- Big Ideas; Big Tech-Continuous Availability for VMware
- Reduce Costs, Maximize Performance and Ensure High Availability of your Business Critical Applications
- Software Asset Management - Program Considerations to Help Reduce Risk and Lower Costs
- Content Analytics Explained
- Mandiant's APT1: Revisited
The Mandiant APT1 report made our industry stronger by encouraging -- if not forcing -- information sharing. By Nick Selby - Attacks from China: A survival guide
- #FFSec: Infosec pros who bring value to Twitter
More Salted Hash with Bill Brenner
