Social networking - a security time bomb?
Social networking Web sites - such as Myspace, Facebook and LinkedIn - are more popular than ever. But are we being so liberal with our personal information that we're making ourselves easy targets for hacking and identity theft?
14 November 2007
Social networking is something of a phenomenon – with literally millions of people networking for business or pleasure on-line. We saw the same thing with the rise of the blog, but the difference with social networking sites is the amount and type of personal information that’s on display.
This information includes what looks like fairly harmless stuff – pictures of the spouse, children, parents, friends, holidays and so on. So why is that such a problem?
Well, for one, most people’s passwords tend to be things they can remember – the name of their spouse or children, for example. Ah – now we can see the problem: if we can access fairly open but personal information, it becomes much easier to guess someone’s password. And since many people keep their passwords the same for all of their different on-line needs (everything from Amazon to banking, from PayPal to your supermarket shopping account), once the password is cracked the hacker can have a field day.
Usually, the first thing a hacker will do is to lock you out – simply by changing the password. The normal security barrier here is to send an e-mail confirmation to you, to let you know this has been done – or, in some cases, you need to click on a link to confirm that you have actioned the change. Since the hacker has access to your social networking account, he/she can see your e-mail address too. If your password for this is the same and you use a Web-based e-mail service, then it’s no sweat – the hacker can also access your e-mail, change your e-mail password and lock you out of that too.
Ah, you’re saying, but on some sites (such as Facebook) people can’t see my information unless I let them. That might be, but a recent survey showed that 41% of people were prepared to allow complete strangers to have access to their information, by becoming ‘friends’. It seems that there is social kudos gained by having lots of friends – and the need to add ‘just one more’ overrides any security concerns. And the effect ripples through – once you’ve made someone a friend, your real friends are likely to trust that person too; simply being your friend is enough for them to add that person as a friend as well.
Some companies have banned access to sites such as Facebook – partly because of the time it’s believed that people spend on those sites – but also because of security issues. (Most IT departments would tremble if they believed that someone could guess the password to a secure VPN, and then ride roughshod over their corporate data, simply by checking out family names on a social networking site.) For organisations, this could be a major security headache – though one that’s cured by enforcing non-guessable passwords which regularly change.
In Ben Elton’s latest book, Blind Faith, he describes a society where privacy has ceased to exist – and certainly the potential is there, if we all post our personal lives, minute-by-minute, in blogs, on social networking sites and on photo sites.
Identity theft and cyber-crime are no longer the preserve of fiction writers; these are massive everyday issues for every person with Internet access – so using social networking sites means taking care that you’re not inadvertently handing over information which can be quickly used to gain access to the rest of your life: financial, personal and work.
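
The "non-guessable passwords" control mentioned above can be enforced when a password is set, by rejecting candidates built from details the person displays publicly. The sketch below is an added example, not part of the original article; the profile fields, the substitution table and the 12-character minimum are assumptions chosen for illustration.

```python
import re

# Undo common character swaps so "S4r@h" is compared as "sarah" (assumed mapping).
LEET = str.maketrans("013457@$!", "oieastasi")

# Constructed sample of what a public profile might reveal (hypothetical schema).
PROFILE = {
    "name": "Alex Morgan",
    "spouse": "Sarah",
    "children": ["Emily", "Jack"],
    "pet": "Biscuit",
    "anniversary": "2001-06-14",
}

def _letters(text):
    """Lower-case, undo substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def profile_tokens(profile, min_len=3):
    """Split every profile value into name-like words and long digit runs (years)."""
    words, numbers = set(), set()
    for value in profile.values():
        for item in (value if isinstance(value, list) else [value]):
            for part in re.findall(r"[A-Za-z]+|\d+", str(item)):
                if part.isdigit():
                    if len(part) >= 4:          # ignore "06", "14": too common
                        numbers.add(part)
                elif len(part) >= min_len:
                    words.add(part.lower())
    return words, numbers

def profile_matches(password, profile):
    """Return the sorted profile tokens that appear inside the candidate password."""
    words, numbers = profile_tokens(profile)
    folded = _letters(password)
    hits = {w for w in words if w in folded}
    hits |= {n for n in numbers if n in password}
    return sorted(hits)

def acceptable(password, profile, min_length=12):
    """Accept only candidates that are long enough and share nothing with the profile."""
    return len(password) >= min_length and not profile_matches(password, profile)

if __name__ == "__main__":
    for candidate in ("S4r@h2001!", "3m1ly&J4ck", "velvet-harbor-quartz-91"):
        print(candidate, profile_matches(candidate, PROFILE), acceptable(candidate, PROFILE))
```

A check like this only covers details the organisation already knows about the person; it complements a breached-password blocklist and does nothing about password reuse across sites.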







