Online social networking sites are hacker playgrounds
Agence France-PresseFirst

Posted 10:40:00 08/08/2008

LAS VEGAS -- Computer security researchers on Thursday warned that online social networking websites are playgrounds for hackers who can easily take advantage of people's trust.

Opportunities for mischief abound as users place intimate details of their lives on profile pages and install mini-applications made by strangers that don't always have their privacy at heart.

In a trend pioneered with tremendous success by Facebook, social networking websites have opened their operating platforms to let outside developers craft fun, hip, or functional software "widgets" that can be added to profile pages.

Malicious code can be hidden in such applications, computer security specialists Nathan Hamiel and Shawn Moyer said at a premier Black Hat conference in Las Vegas.

"Don't put anything on a Facebook account that you don't consider public."

A pair of MySpace engineers who attended the demonstration said that hacks are known risks in today's social platforms and that they had Hamiel's application deleted by the end of the talk.

Fake postings on comment boards advising people to update software are ways to trick social network users into downloading malicious software that can commandeer control of machines, Hamiel said.

"Social networks really don't care if you get ‘pawned’ or not," Hamiel said, using the slang term “pwned” referring to a computer user or gamer being dominated and humiliated by hackers or a fellow gamer.

"It is not a problem with a particular site," Hamiel said. "It is a problem with social networking in general."

Even if tainted applications are deleted, the odds are that the data from profile pages was already copied onto an outside computer, according to Hamiel and Moyer.

"MySpace and Facebook have no control over my servers," Hamiel said. "Once the content is moved from their site they have no control over that."

Those thinking that they will stay safe by not having social networking pages may still vulnerable to trouble, according to the security specialists.

Another ruse is to create social networking profiles for people using information mined from the Internet and then for the imposters to send out "friends requests."

Those that take the bait give open doors to the private data in their profiles.

REACTION

This issue is a very tricky issue. Why is that there's no agency who is prohibiting those hackers to manipulate and manipulate the private informations of the users or of the members of that site, just like for example the MySpace, most especially the Friendster, how come they are just allowing that to happen?

Many members or users of a social networking websites have no knowledge or don't know what is the importance of putting their informations in public, what would be it's advantages and disadvantages to them.

They fully trusted that website, that is if they put all their information there even if it is so confedential, they trusted that site that it would not be publicly be seen by other people unless consulting them.

Much better to do is that inform the users or those people using the social networking website that they should be careful of the information that they are putting because it will be publicly be posted and publicly be seen by everybody.

And tell them that if the information they are putting is private much better not to post them at the site.