Let’s put aside all the positive reasons to use social networking services and focus on the dark side. Most of the time, users don’t even realize how much private information they’re sharing over these services. There have already been stories about people Twittering or posting on Facebook that they’re on holiday and getting robbed, but the problems don’t end there.
At RSA Conference Europe 2009, Dr. Herbert Thompson talked about how attackers are launching innovative attacks against individuals and companies using the information shared over public social networking channels.
Dr. Thompson provided real-life examples where he was able to break into online accounts of several people (with their permission, of course). He didn’t use complex tools or some esoteric hacking techniques, but rather focused on publicly available information.
The problem is even larger when you realize that you might not even be the one divulging the information. Maybe you’re the kind of user that doesn’t use Facebook, doesn’t have a blog and avoids being photographed. At the same time, your e-mail password reset question may be: “What’s my mother’s maiden name?”. This kind of data may be shared by other people you know and it could become a security problem.
The lesson to be learned here is that online hygiene doesn’t necessarily depend only on the information you share, but it depends on everyone around you. If you don’t have a Facebook page but a friend posts any personal information related to you, it can come back to haunt you.
We live in interesting times, in which we need to control not only what we do online, but also keep track of the information others are making available online.
Should we define a set of security policies for our friends? Surely, that would be a tough thing to implement.
Help Net Security photos from the RSA Conference Europe 2009 keynote sessions are available over here.