Tuesday, August 08, 2006

More on social networking

Article from news.com that provides a different spin on the social networking controversy - the fact that Web 2.0 developers may not be paying as much attention to security issues and risks as they should:

"People are buying into this hype and throwing together ideas for Web applications, but they are not thinking about security, and they are not realizing how badly they are exposing their users."

"The end-user ends up getting screwed, but the Web application really has the vulnerability in it...The only people who can fix the problem are the actual people who run the Web applications."

I guess this is an additional issue to flag re use of social networking sites, above and beyond advice re the "known" risks of inappropriate contact, releasing personal information etc?

Update: a similar article from The Register this week:

"According to an analysis of more than 5bn web requests in July, ScanSafe found that, on average, up to one in 600 profile pages on social networking sites hosted some form of malware."

Probably needs to be treated with a degree of caution, this, as the research was conducted by a web security firm, but an additional consideration all the same. Social networking sites would appear to be excellent delivery vehicles for adware and spyware.

Another interesting finding re identity verification:

"Social networking sites like Facebook, which typically use a university or college email address to verify a user's identity, and LinkedIn, a site used for business networking, tended to be more secure than "open" social networking sites, according to ScanSafe."

Finally, another worrying finding:

"The research also revealed the presence of referrals to adult-themed dating sites on social network sites popular with teens."