Technology: The business and culture of our digital lives, from the L.A. Times

| Main |

Social networking sites attract friends, but also enemies

1:31 PM, August 7, 2008

MySpace bills itself as "a place for friends." But it and other social networking sites are becoming a place for enemies too. A couple of things happened today that reinforce the point that these sites, while being a terrific way to keep in touch with friends and throw sheep at them, are very much not the safe sandbox that many take them to be.

We have already pointed out that identity thieves have a pretty wide-open field on MySpace, Facebook and their ilk. Scammers find it fairly easy to pretend to be someone real, either by creating a profile page or by taking over an existing one. When they send messages to "friends" on the sites, they are far more apt than with ordinary spam to get victims to click on a link that installs password-stealing keyloggers.

Today, security firm Sophos warned that bad guys are writing on Facebook users' comment walls, urging them to watch a video that appears to be hosted by Google. But the displayed link actually asks users to download a program that surreptitiously opens a back door into their computers. Similar scams ...

... have been used to turn PCs into zombies for sending spam.

"People have got to learn that clicking on links in messages to websites can lead to a malware infection, whether the messages are in your e-mail or on a site like Facebook," said Graham Cluley of Sophos.

The other reminder came in the form of a presentation by researchers at Black Hat, the Las Vegas convention devoted to tech security.

Shawn Moyer and Nathan Hamiel showed they could include invisible code in a comment on someone's MySpace profile page that would log the recipient out of the site as soon as they viewed it. More impressive: They sent a similar mini-program in a comment that forced someone to become their friend.

Malicious applications, even those that initially appear innocent, also have an enormous amount of power over users' information, and they can attack other applications or the users' friends.

The hackers' friendly advice: Social networking sites need to reduce the range of activities that applications are allowed to perform. And they need to block links to external content, or at least do much more to ensure that such content is both of a specific type -- such as a photo -- and at a trusted place, such as Flickr or Photobucket.

Facebook and MySpace didn't immediately respond to requests for comment.

-- Joseph Menn

Permalink | Comments (4)
TrackBack

TrackBack URL for this entry:
http://www.typepad.com/t/trackback/816965/32141254

Listed below are links to weblogs that reference Social networking sites attract friends, but also enemies:

Comments

In the real world, there are friends and enemies. We cannot expect to build a “virtual world” only with “friends”. We have to learn to coexist with “angels”, “devils” and all the kinds of human beings. If you don’t want to take this challenge, please, return to the “cavern” world.

Domingo
http://www.comlab-corp.com
http://spaengclub.blogspot.com

Posted by: Domingo A. Trassens | August 07, 2008 at 08:14 PM

hidden malware in myspace and facebook messages is bad, and common, and Cluley is right - people need to just be aware and careful the way they are with e-mails.

but there's worse enemies lurking in myspace. what about the story of Megan Meier? She can't be the only one, but she is the one people know about.

Posted by: deleahrium | August 08, 2008 at 09:44 AM

It really getting really bad on myspace and on facebook. There are too many people pretending to be people and hacking into people myspace. I am sick and tired of the fakes on these social sites. It seems like the people who created them need to crack down on the hackers and the fakes as soon as possible. It really sad that people with no lives pretend to be a person who is in the public eye and hacking into somone facebook and myspace. I wish it would stop.

Posted by: Melissa Christensen | August 08, 2008 at 07:56 PM

This proves once again that people can be downright dirty! There are many professional-looking "MySpace" sites that pretend to be celebrity-sites but are actually fans PRETENDING a la Cosplay to BE their idol!

I once had a MySpace that was stolen out from under me. I have a new one now but still wonder if it could happen again.

You've raised many valid points, Mr. Menn and I have linked back to your article from my blog.

The most important thing I would tell other social networkers and bloggers: don't get too attached to your MySpace or Facebook page or to your blog. Back it up if you wish, but set it up so that you just walk away and start over if disaster should strike and it gets deleted or pirated out from under you.

Posted by: Dave Lucas | August 09, 2008 at 05:52 AM

Post a comment
If you are under 13 years of age you may read this message board, but you may not participate.
Here are the full legal terms you agree to by using this comment form.

Comments are moderated, and will not appear until they've been approved.

If you have a TypeKey or TypePad account, please Sign In





Recent Comments
Obama, McCain offer contrasting styles in Web advertising
Ads, who looks at those these days? I d...
comment by John Peabody
Estelle, the poster child for artificial scarcity
Jon - The ease of pirating a desired tr...
comment by Marc Cohen
Feds prepare to premiere digital TV in North Carolina next week
Most stations are already broadcasting t...
comment by matt
Follow Us on Twitter
Keep up with what’s behind the buzz in the tech world. http://twitter.com/latimestech
Archives
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
Categories
Tech News & Blogs

Tech News


Tech Blogs