Social Networking: Manageable With Good Enterprise Policy

The following article comes from Security Wire Daily:

A majority of attacks on the Internet depend upon the exploitation of human nature through the abuse of trust. It is human nature, for example, to feel comfortable with Web-based social networks that include our friends and family. We don't expect these people to be hosting anything on their pages that would "attack" us.

Likewise, most wikis are created by well-meaning people, typically subject matter experts, and we tend to trust experts. We don't expect a page full of useful information to contain anything that would be harmful. However, there is plenty of evidence that such Web pages are being used to distribute malware, almost always without the knowledge of the page owner or creator.

In November 2007, the MySpace profiles of Alicia Keys and a number of other recording artists were found to be serving up malicious code. McAfee Inc. also recently reported a malicious MySpace friend request which, when clicked, popped up an apparently legitimate "Automatic Update" window that, in fact, tries to download what McAfee described as a "malware cocktail" containing additional downloaders, several Trojans and a remote administration tool.

So, in addition to enterprise concerns over productivity losses to social networks and privacy issues arising from their use, particularly at work, there are now some direct security threats in play, including network compromise via infected pages. (To get a measure of just how much "drive-by" malware is being distributed by Web pages --including but not limited to social networks -- take a look at "The Ghost in the Browser" published last year by researchers at Google.)

Continued here...