Privacy - Introductie Beware of privacy – security fallacies ! Privacy ...
Social Media the Privacy and Security Reper
-
Upload
rafael-aleman -
Category
Documents
-
view
213 -
download
0
Transcript of Social Media the Privacy and Security Reper
-
7/28/2019 Social Media the Privacy and Security Reper
1/3
Social Media: The Privacy and Security Repercussions
Johnny Widerlund, June 19, 20103 CommentsWhy Making Google+ Part of your Web Presence & SEO Strategy is a Good Idea by Krista LaRiviere, gShift Labs
More and more people are using social media sites to get the latest news and connect with others.
The more comfortable we become with these sites, the more apt we are to share personal details
about ourselves and let our guard down as we interact with others.
Are we sharing too much private information? Is what we share -- both deliberately and inadvertently
-- and what we click putting our privacy and security at risk?
Our Widespread -- And Growing -- Use of Social Networks
Growing numbers of people around the world are embracing social networks. Facebook has recently
taken the lead as the most visited website in the United States -- and is popular all over the globe,
with over 400 million users worldwide. On the same note, Twitter is said to have more than 100
million users worldwide, and -- a testament to its worldwide user base -- 60 percent of registered
accounts are from outside of the U.S.
Yet, looked at from a privacy and security angle, it's impossible not to also see the potential toll of
this widespread sharing and openness.
Just How Risky is Our Online Behavior?
The facts tell us that the majority of social media users post risky information online, without giving
due diligence to privacy and security concerns. At the same time, cyber criminals are targeting social
network sites with increasing amounts of malware and online scams, honing in on this growing user
base.
According toConsumer Reports' 2010 State of the Net analysismore than half of social network
users share private information about themselves online, opening themselves up to a variety of
online dangers. The key findings of the report include the following:
25 percent of households with a Facebook account don't use the site's privacy controls or
weren't aware of them.
40 percent of social network users posted their full date of birth online, opening themselves
up to identity theft.
9 percent of social network users dealt with a form of abuse within the past year (e.g.,
malware, online scams, identity theft or harassment).
Social Media: 'A Perfect Storm of Social Engineering and Bad Programming'
The values at the core of networking sites -- openess, connecting, and sharing with others --
unfortunately are the very aspects which allow cyber criminals to use these sites as a vector for for
various kinds of bad online behavior. In fact, reports of malware and spam rose an astounding 70
percent on social networks in 2009, according to anindustry reportfrom security firm Sophos.
http://searchenginewatch.com/author/1862/johnny-widerlundhttp://searchenginewatch.com/author/1862/johnny-widerlundhttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.networkworld.com/news/2010/020110-facebook-twitter-social-network-attacks.html?source=NWWNLE_nlt_daily_am_2010-02-02http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/overview/index.htmhttp://adclick.g.doubleclick.net/aclk%253Fsa%253DL%2526ai%253DBNJo7q8JIUbvbDM6KlAKS3YHoBOiFo8UDAAAAEAEgADgAWKD6k7pBYMmO34bIo5AZggEXY2EtcHViLTM3NjYwNDEyMjE0MzY1NTeyARVzZWFyY2hlbmdpbmV3YXRjaC5jb226AQlnZnBfaW1hZ2XIAQnaAWBodHRwOi8vc2VhcmNoZW5naW5ld2F0Y2guY29tL2FydGljbGUvMjA2NTkyOC9Tb2NpYWwtTWVkaWEtVGhlLVByaXZhY3ktYW5kLVNlY3VyaXR5LVJlcGVyY3Vzc2lvbnOpAsusVILUVbk-wAIC4AIA6gISNDgxOC9zZXcudXMvc29jaWFs-AKB0h6QA6wCmAPQBagDAdAEkE7gBAGgBiA%2526num%253D0%2526sig%253DAOD64_0je5Kn_t94TXgDNES7HrFvUZy_SQ%2526client%253Dca-pub-3766041221436557%2526adurl%253Dhttp:/www.gshiftlabs.com/making-google-part-of-your-web-presence-and-seo-strategy/http://searchenginewatch.com/article/2065928/Social-Media-The-Privacy-and-Security-Repercussions#commenthttp://searchenginewatch.com/author/1862/johnny-widerlund -
7/28/2019 Social Media the Privacy and Security Reper
2/3
"Social networking sites are meant to get as many users in one place as possible on one platform,
and for attackers there's a lot of return-on-investment in going after them,"saidsecurity analyst
Shawn Moyer, aptly describing the climate as a perfect storm of social engineering and bad
programming.
The notoriety of Facebook and Twitter make these social media sites a focal point for privacy
discussions and a prime target for malicious activity. Let's take a more in-depth look at recent
leading privacy and security issues.
'Privacy Loophole' Due to Referrer Headers
Referrer headers, according to Lavasoft Malware Labs security analysts, are commonly used to
distribute malware inSEO poisoning campaigns. For example, when you search for a particular
piece of news being used in a SEO poisoning campaign -- let's call this a "malicious page" -- your
search engine -- let's say Google -- may return a booby-trapped page in the list of results. When you
click on the link for the malicious page, it may check the referrer header of the request to decide
whether to deliver its malicious payload.
In this case, you were referred to that page by Google. If the booby-trapped page is designed toactivate when you arrive at the page via a Google search, it will release its payload. However, if you
typed the URL directly into your browser, there would be no referrer and the malicious page's
payload wouldn't activate.
Lately, referrer headers have been making headlines for an entirely different reason: leaking private
information on social media sites. The Wall Street Journal, citing an AT&T Labs and Worcester
Polytechnic Institute paper, reported that a "privacy loophole" found on social networking sites,
including Facebook and MySpace, allowed for data to be shared with advertisers through referrer
headers sent by browser software -- data that could potentially be used to identify users in spite of
promises from the companies that user information isn't shared without specific consent.
"Merely clicking an advertiser's ad reveals to the advertiser the user's Facebook username or user
ID," explained security researcherBen Edelman. "With default privacy settings, the advertiser can
then see almost all of a user's activity on Facebook, including name, photos, friends, and more."
This information was leaked to the advertisers because Facebook embeds usernames and user IDs
in URLs which are transmitted to advertisers through HTTP referrer headers. Facebook responded
with a message on "Protecting Privacy with Referrers," saying it quickly fixed the issue, which it
called a "potential" problem.
Edelman contends, "I found that a user's username/ID is sent with each and every click in the
affected circumstances. So the problem was substantial, real, and immediate. Facebook errs insuggesting the contrary."
Facebook's Privacy Settings: Controversy and Criticism
You almost need a timeline to keep up with the ongoing critiques that Facebook has faced in recent
months due to its attitude towards users' privacy. In mid-April, criticism was prompted by changes to
the networking site's privacy settings; concern was so great that theFacebook privacydebate caught
the attention of legislators, government officials, as well as privacy groups -- who criticized Facebook
http://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bnhttp://searchenginewatch.com/3640559http://searchenginewatch.com/3640559http://searchenginewatch.com/3640559http://www.benedelman.org/news/052010-1.html#leakhttp://www.benedelman.org/news/052010-1.html#leakhttp://www.benedelman.org/news/052010-1.html#leakhttp://www.facebook.com/note.php?note_id=392382738919http://www.facebook.com/note.php?note_id=392382738919http://www.facebook.com/note.php?note_id=392382738919http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://searchenginewatch.com/3640638http://www.facebook.com/note.php?note_id=392382738919http://www.benedelman.org/news/052010-1.html#leakhttp://searchenginewatch.com/3640559http://www.networkworld.com/news/2010/020310-social-media-risks-the.html?hpg1=bn -
7/28/2019 Social Media the Privacy and Security Reper
3/3
for not doing enough to protect the privacy of its users. Then, in the end of May, came Facebook
CEO Mark Zuckerberg'sresponseto the controversy, acknowledging that missteps had been made
and reaffirming that the site would simplify its privacy controls.
It still remains to be seen whether the new privacy controls that rolled out in late May will satisfy
privacy pundits and cautious users.
A Wave of 'Likejacking' -- And the Endless Malware Issues
Privacy issues aside, the world's favorite social media sites have also seen more than their fair share
of outright malicious activity, including the spread of viruses, phishing attempts, and other social
engineering ploys aimed at exploiting users' trust.
The latest major wave of attacks -- a form of clickjacking dubbed "likejacking" -- was seen
threatening Facebook users early on in June. According to security reports, hundreds of thousands
of Facebook users began falling for these attacks, where the victim is tricked into clicking a link that
then recommends the site on Facebook -- even when they didn't actively choose to "like" the site.
The ploy isn't part of an active malware or phishing attempt, but it certainly has the potential to beused by hackers to get into your system.
And, Facebook clearly isn't alone in the malware battle. Twitter has faced issues related to its
shortened URLs and the spread of viruses -- and we can be sure that both of these popular social
media sites will remain prime targets for cyber thieves.
Understand the Risks of Social Networks
With this plethora of privacy and security issues in mind -- and the strong likelihood that they will
continue to unfold and develop -- are we ready to give up on social networks? Not likely. Case in
point: "Quit Facebook Day," established by a backlash of privacy and security conscious Facebookusers, only garnered support from a mere 34,000 of the site's 400 million members.
While social networks like Facebook and Twitter may be too ingrained in our daily lives to give up,
we need to understand the risks and take steps to change the way we interact on the Web. After all,
our privacy and security on these sites -- in terms of how much we share with others and what we
consume -- is ultimately up to each of us.
Next Saturday, we'll look at nine ways to control your privacy on social network sites.
Join us forSES San FranciscoAugust 16-20, 2010 duringClickZ's Connected Marketing Week. Thefestival is packed with sessions covering PPC management, keyword research, search engine
optimization (SEO), social media, ad networks and exchanges, e-mail marketing, the real time web,
local search, mobile, duplicate content, multiple site issues, video optimization, site optimization and
usability, while offering high-level strategy, keynotes, an expo floor with 100+ companies, networking
events, parties and more!
http://blog.searchenginewatch.com/100524-112000http://blog.searchenginewatch.com/100524-112000http://blog.searchenginewatch.com/100524-112000http://www.searchenginestrategies.com/sanfrancisco/http://www.searchenginestrategies.com/sanfrancisco/http://www.searchenginestrategies.com/sanfrancisco/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.connectedmarketingweek.com/http://www.searchenginestrategies.com/sanfrancisco/http://blog.searchenginewatch.com/100524-112000