Report: Social Networkers Are Leaving The Field Wide Open

Security Featured Article


July 08, 2009


By Vivek Naik, TMCnet Contributor


Webroot reportedly announced the results of its latest market research survey on current social networking behavior patterns. Its most important findings are that 80 percent of respondents allow at least part of their profiles to be searchable through Google or other public search engines, and more than 66 percent of respondents knowingly or unknowingly share personal information with strangers. These factors combine to leave them more vulnerable to financial loss, identity theft and malware infection than they realize.

The company, which provides Internet security software to consumers, enterprise and small and medium-sized business markets, claims that it studied the behavior patterns of more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, and that the additional findings throw significant weight behind the growing concerns about threatened personal and financial security.
Resource analysts at the company claim that more than 58 percent are clueless about who is viewing their profile, 73 percent don’t restrict any profile information from being visible through public search, more than 33 percent include at least three pieces of personally identifiable information, more than 33 percent use the same password across multiple sites, 30 percent do not have protection against viruses and spyware and at least 25 percent accept “friend requests” from strangers.
“The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth,” said Mike Kronenberg, Chief Technology Officer of Consumer Business at Webroot.
The most common method, said officials, is to insidiously lure potential victims into downloading an infected file, visiting a disreputable site outside the social network, or wiring money to a “friend in distress.” Webroot said the most villainous attacks include “Trojan-MyBlot,” which targets users of MyYearbook.com, “Koobface,” which targets Facebook, “mygener.im,” “ponbon.im,” and “hunro.im,” spread through other domains.
“Three in ten people Webroot polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorised password changes and ‘friend in distress’ money-stealing scams,” said Kronenberg. “The first step to staying protected is being aware of what the threats are and knowing how to help prevent them.”
The company claims that some of the smarter hackers guess passwords based on publicly available information. I recall an IT geek pal letting on that there is software that can actually run several permutations and combinations for zeroing in on passwords based on very little data, and the most common passwords to be avoided are names of loved ones including pets or birthdays.

The report reveals that the most vulnerable are people between the ages of 18 and 29, and they have predictable patterns such as: more than 50 percent use the same password across all their accounts compared with 36 percent overall, 40 percent accept a friend request from a stranger compared with 28 percent overall, 40 percent experience a security attack compared with 28 percent overall, 67 percent share birth date compared with 52 percent overall, 62 percent share home town compared with 50 percent overall and 45 percent share employer compared with 35 percent overall.
Interestingly, users below the age of 18 enter an earlier birthday to gain a social account. This is extremely difficult to prevent, so make sure that their social networking exchanges happen, preferably, with you in the vicinity.
“Hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social network has sent them a message – only the message is from a hacker who’s hijacked the friend’s account,” said Kronenberg. “We’ve seen instances where a salacious yet poorly worded message like, ‘This video of u is everywhere’ includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things - spam your friends, monitor your online activity or record your personal information.”
The positive side of market analysis revealed that close to 80 percent expressed some concern over the privacy of the information they share in their profiles.
Webroot has made six sensible recommendations to effectively and securely use social networks:
  • Security Settings - Invest time in reading and learning the security settings, which may differ for each site, then be sure to implement what the site advises, and promptly share what you have learnt.
  • Unknown IDs - Junk and spam any correspondence from IDs you are not familiar with.
  • Passwords - Select a randomised combination of numbers and letters for passwords, and any other keyboard combo with no logic attached to it (note it down, otherwise you are screwed). Do not use the same password for each account, even if you change it every week.
  • Anti-cybercrime software - It is worth investing time and effort to figure out the appropriate packages, and note that the good ones have a free version that can be used for life.
  • Install updates - Always! Especially for the operating systems, software, applications and anti-cybercrime packages you use. Remember: there are a lot of software engineers working day and night to provide protection against newer waves of cyber intrusion.
  • Vigilance - Be alert for any kind of weird software behavior.
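The password recommendation above, together with the earlier point that passwords get guessed from publicly available information, can be turned into a self-check. The following is an added example, not code from Webroot or the original article; the function names, the sample profile fields and the 12-character minimum are assumptions.

```python
import re
import secrets
import string
from datetime import date

# Character substitutions undone before matching (an assumed, non-exhaustive list).
LEET = str.maketrans("013457@$", "oieastas")
DATE_FORMATS = ("%Y", "%d%m", "%m%d", "%d%m%y", "%m%d%y")

def profile_tokens(profile):
    """Lowercase tokens that anyone viewing the public profile could read."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            tokens.update(value.strftime(fmt) for fmt in DATE_FORMATS)
        else:
            words = re.split(r"[^a-z0-9]+", str(value).lower())
            tokens.update(w for w in words if len(w) >= 3)
    return tokens

def audit_password(password, profile, min_length=12):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    raw = password.lower()
    unleeted = raw.translate(LEET)  # e.g. "r3x" becomes "rex"
    for token in sorted(profile_tokens(profile)):
        if token in raw or token in unleeted:
            findings.append(f"built from profile data: {token!r}")
    return findings

def reused_passwords(accounts):
    """Group sites that share one password (accounts maps site -> password)."""
    by_password = {}
    for site, password in accounts.items():
        by_password.setdefault(password, []).append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]

def generate_password(length=16):
    """Random letters and digits drawn from the operating system's CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample profile using the kinds of fields the survey says people share.
PROFILE = {"pet": "Rex", "birth_date": date(1987, 3, 14),
           "home_town": "Springfield", "employer": "Example Corp"}
```

A password such as `R3x1987!` is flagged three times against this profile (too short, birth year, pet name), while a generated one is very unlikely to contain any profile token.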
Also note that rogue elements using Man-in-the-Middle (MITM) techniques unobtrusively, and without permission, listen in to digital conversations, impersonate known and trusted IDs, lure unsuspecting folk to fraudulent but apparently very secure Websites, and rely on mistaken and misplaced trust to coax critical information out of you, such as bank account and driving license details, credit card and social security numbers, and ATM and telephone PIN codes. It is a con job, and entire accounts have been cleaned out.
The most recent MITM technique cunningly replaces the icons of favorite bookmarked websites with ones that look like genuine secure icons. It cannot, however, replicate legitimate Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) signatures.
Secure Web browsers include IE7, Firefox 3, and Opera 9.5. Dual factor verification refers to allowing additional clarifications from secure sites. Once Extended Validation (EV) SSL Certificates are issued, the addresses accessed turn green, informing the user that security is guaranteed. Logging in during an SSL session refers only to web pages that the user has opened, not ones that pop up or just appear on the screen. What also helps is to frequently shut down the Web browser, delete all stored data such as usernames, passwords and cookies, and then log in again when required.
VeriSign, in the interest of the entire global network community, reportedly has issued “Ten Commandments” for steering clear of MITM attacks that have been exposed by Black Hat. Slightly modified, with literary license, the “commandments” are:
  • Thou shall observe a “green glow” in the address bar
  • Thou must use only the most recent Web Browsers
  • Thou shall use dual factor verification
  • Thou shall not explore unknown emails
  • Thou shall benefit from EV SSL
  • Thou shall only login during an SSL session
  • Thou shall scrutinize and filter everything at the server first
  • Thou shall not send links in emails to anyone
  • Thou shall evangelize all the above commandments
  • Thou shall face a different type of hell if any of the above are not followed
The growing consumer trend indicates that a high percentage of people turn to social networks to communicate, recommend, seek advice for all sorts of stuff, and have actually saved money on socially researched bargains and packages. Incidentally, there are specific Web spaces that leverage social networking recommendations for the hospitality industry, travel and pubs.
 
 

Vivek Naik is a contributing editor for TMCnet.

Edited by Jessica Kostek

