Social networking sites are creating a means for hackers and conmen to worm their way into the confidence of users. Sites such as LinkedIn can be used to create a veneer of trust that leaves internet users and business at a greater risk of attack, according to a study by Danish security firm CSIS. Dennis Rand, a security …
One very bad practice
I'm not surprised at all about this and would like to expand a little on the bit about fraudsters setting up bogus social networking sites.
The bad practice I refer to is a marketing exercise used by a number of social networks. I'll mention a couple that I hate particularly: hi5.com and tickle.com.
I was prompted to register to such sites when I received the same worded personal emails from my Yahoo! contacts. So I investigated...
Towards the end of the registration process (or in the case of Tickle.com once you have finished a test) you are invited to submit your Yahoo!, MSN and AOL details to 'invite your friends' to the site. When you do this a script logs into your mail account, farms your contact list and sends out automated emails on your behalf.
This is dangerous because they promote the practice of giving out log in information to a third party. It's fair to say that big name social networks are trustworthy but it doesn't take much to set up a bogus version that offers the same functionality.
Tickle.com's TOS say that "If Tickle has reasonable grounds to suspect that you have shared your account access and password with another individual, Tickle has the right to terminate your account and refuse any refund."
One solution, if this is a problem, would be for the likes of Yahoo! to prevent scripts logging into their accounts.
I hope something is done.
What would be the point if it weren't easier.
Computers/technology make things easier, for most everyone, wouldn't be much good otherwise would it?
If you're dumb enough to get roped in (creating a false trust is one thing, sending money another) let's not give up yet more personal responsibility just because some sucker was born a minute ago. Scraped knees build character.
Elimination of the unfit and stupid
Anyone who uses the same password for a social site and anything with money involved is, quite simply, too stupid to be allowed on the net on their own anyway.
No sympathy whatsoever.
Keyloggers, trojans etc. are a more serious worry, so I don't access my bank etc., except from a machine that I personally control the security on.
Blogger is a big security hole.
When you comment, it invites you to log in with your Google credentials. It would be the work of moments to make the comment link on a blog template go to a spoof page that collects these instead.
As a minimum, you could then read through email, issue password resets, etc.
Been Grifted? Let Me Know...
Answers gratefully accepted - at LinkedIn.com
Thank You Captain Obvious
If you lie to people on any forum you can build trust and then abuse that trust. Do these guys really need press that badly that they would waste their time proving the obvious?
LinkedIn / Facebook : Why not just email the CIA a daily update on your life?
Great sites, if you like exposing your social / business schedule, contacts list and more to all and sundry state and private US authorities wishing to spy on you or use the exposed data to gain commercial advantage or insight into your life / business.