Cautionary tales from the social-networking universe
Ah, social networking. It鈥檚 become the fabric of today鈥檚 Internet generation. Don鈥檛 have a Twitter account? Heavens, even Sen. John McCain has a Twitter account. Signed up with Facebook? Only losers don鈥檛 have a Facebook account. MySpace? Not bad, but it鈥檚 so five minutes ago.
But as lovely as social networking may be, there are a few problems. One of the biggest appears to be that you can kiss your privacy good-bye.
Now, I鈥檓 not talking about the predilection of some people to share intimate details about themselves on social networking sites. I鈥檓 actually referring to the other things that might help contribute to your financial ruin.
Those most enthusiastic about social networking are cybercriminals. They drool at the prospect of seeing the personal information of the 175 million people on Facebook. And they know how to use that information.
For example, cybercrooks take great interest in the names of pets or grandparents on Facebook pages. That鈥檚 the kind of information that banks and credit-card companies use to verify who you are when you bank online.
鈥淭here are so many people on social-networking sites that it is becoming profitable for bad guys to go there,鈥 David Perry, global director of education at software security firm Trend Micro, recently told Agence France-Presse (AFP). 鈥淏ad guys can see all the things you post. You may be revealing personal information that is extremely valuable.鈥
Now Facebook has made revealing personal information even easier. This past week, it announced that users can change their privacy settings so everyone can see their profile. The company was actually responding to a request from many users who wanted the ability to share their information with even more people.
As I said, cybercrooks are drooling.
Now, I鈥檇 like to believe that people would be smart about their privacy control settings. I鈥檇 also like to believe that AIG was only thinking of the public good when it gave out bonuses. I am always guided by the words of a security expert at Carnegie Mellon鈥檚 cybersecurity unit who said to me years ago, 鈥淕iven the choice between computer security and dancing penguins, people will take dancing penguins every time.鈥
Which brings us to Koobface. Aside from being a mildly clever riff on the word Facebook, Koobface is a computer worm that allows hackers to get hold of your passwords and do bad things on your Facebook account.
The most recent Koobface attack came in the form of a message claiming to be from friends that wanted to share digital video of the recipients. It prompted people to download viewing software in order to see the video. But what it really downloaded was Koobface.
鈥淚t steals your cookie on your [PC] 鈥 not just for Facebook but for a half-dozen social-networking websites including MySpace,鈥 Jamz Yaneza of Trend Micro told AFP. 鈥淵our account is compromised at that point. Using the hijacked cookie, it tries to log in as you, goes through your address book, and starts posting messages and comments.鈥
Aside from bad guys trying to obtain personal information, there is the tendency by some to scan social-networking sites for what people are saying about their employers.
The Toronto Globe and Mail ran a story Monday about Twitter being the 鈥渘ew office gaffe trap.鈥 Worse, people tend to share information about the internal workings of their companies. Netragard, an 鈥渆thical鈥 hacking company, says it can gain access to any company鈥檚 most important data within minutes by using the information that is freely available on Twitter, Facebook, and other social networking sites.
Then there is the 鈥渨ho owns the stuff that you post鈥 question on social networking sites. Facebook recently ignited a firestorm when it tried to change its terms of service to claim ownership over any content subscribers uploaded to the site.
To its credit, Facebook backed off and has asked its users to give it suggestions about how to resolve this issue. But as sure as flowers bloom in the spring, you can bet that social-networking sites, eager to make a buck off their free services, are going to continue to push the envelope on who owns the information posted on their sites.
So what can you do? Be smart. Once again, follow the maxim 鈥渄on鈥檛 put anything on a social-networking site that you don鈥檛 want to see on the front page of the local paper.鈥
Don鈥檛 gripe about your boss or company online. Don鈥檛 talk about company business. Don鈥檛 share information that cybercrooks might use to gain access to your back accounts or credit cards. And don鈥檛 click on links that ask you do download software, even if it comes from a friend. Check with the friend first to make sure they actually sent it.
