Tuesday, August 08, 2006

More on social networking

Article from news.com that provides a different spin on the social networking controversy - the fact that Web 2.0 developers may not be paying as much attention to security issues and risks as they should:

"People are buying into this hype and throwing together ideas for Web applications, but they are not thinking about security, and they are not realizing how badly they are exposing their users."

"The end-user ends up getting screwed, but the Web application really has the vulnerability in it...The only people who can fix the problem are the actual people who run the Web applications."

I guess this is an additional issue to flag re use of social networking sites, above and beyond advice re the "known" risks of inappropriate contact, releasing personal information etc?

Update: a similar article from The Register this week:

"According to an analysis of more than 5bn web requests in July, ScanSafe found that, on average, up to one in 600 profile pages on social networking sites hosted some form of malware."

Probably needs to be treated with a degree of caution, this, as the research was conducted by a web security firm, but an additional consideration all the same. Social networking sites would appear to be excellent delivery vehicles for adware and spyware.

Another interesting finding re identity verification:

"Social networking sites like Facebook, which typically use a university or college email address to verify a user's identity, and LinkedIn, a site used for business networking, tended to be more secure than "open" social networking sites, according to ScanSafe."

Finally, another worrying finding:

"The research also revealed the presence of referrals to adult-themed dating sites on social network sites popular with teens."

VoIP call quality getting worse

Another article from silicon.com, this time reporting that "VoIP call quality has declined by about five per cent in the past 18 months":

"...the decline in voice quality is happening because voice services are increasingly competing for resources on the same IP network as other services such as video, music downloads and interactive gaming. IP telephony calls ride over the same network that is also delivering internet access and in some cases IP-based video. While the speed of broadband networks has increased, consumers are doing more on the net, which affects call quality..."

And now the scary bit:

"Many internet companies offering voice services, such as EarthLink, Google, Vonage and Yahoo!, are opposed to allowing phone companies or cable operators, which own the underlying broadband networks, to prioritise traffic in order to improve call quality. They fear network operators will abuse their power by charging unreasonably high fees and eventually squeeze out competing traffic...But some analysts say the time is quickly approaching when network operators will have to prioritise delay-sensitive traffic such as voice or video."

The other side of the net neutrality issue I guess...will the net develop suffciently to support services like VoIP without controls being imposed by the telcos? The ideal would be for open standards to be developed and adopted to allow this to happen, but if the telcos get there first with proprietary protocols...?

Google warns on "unsafe" websites

Article on BBC News about a new feature from Google, to flag pages and sites that are nown to host spyware or other malicious programs:

"The warnings will be seen by anyone using the search engine who clicks on a link to a site identified as harmful by the Stop Badware coalition...initially the warnings seen via the search site will be generic and simply alert people to the fact that a site has been flagged as dangerous. Eventually the warnings will become more detailed as Stop Badware researchers visit harmful sites and analyse how they try to subvert users' machines."

A good idea, but will the Stop Badware coalition be able to keep up as sites move location and new ones appear? Essentially the same problem that filtering software developers have in keeping their software up-to-date?

More on net neutrality

Peter Cochrane in his regular column for silicon.com flags the risks to the future of the net arising from the recent US legislation...a "very dangerous precipice" indeed...

"The telcos et al see an opportunity to regulate the whole net and control the packet flow so they can extract more revenues by creating tiers of usage for individuals and websites by volume and speed. This would create, at least, two classes - one faster internet for those with lots of money and one slower one for those without. And I have to say, this also means goodbye to the freedom and uniform utility we currently enjoy."