GrepLaw
This site is a production of the Berkman Center for Internet & Society. Please email if you have questions, contributions, or ideas about improving this site.
Social Networks Next Hacking Target?
posted by scubacuda
on Friday January 02, @11:46AM
from the HEX-%22%3e%3c%73%63%72%69%70%74%3e%64%6f%63%75%6d%65%6e%74%2e dept.
This Security Focus article looks at the weak security of social network sites, particularly their lack of SSL logins, which means a user's session ID will be logged on any proxy and possibly sniffed. From the article:

[A]ccording to [Clay] Shirky, one thing is certain: "The value of each site is communally-created. Links and transactions are more important than individuals." In other words, each community creates its own kind of value. Thus, an attacker might hit Tribe to farm social networks for spam victims; and then he might exploit LinkedIn to get the contact information for a VC he wants to meet.

Citing Lawrence Lessig's idea that code equals law, Shirky argues, "Actually, it turns out that code is only sometimes law. The software is not as valuable as who uses it." When it comes to locking down social discovery Web sites, one might make a similar claim. Secure code on these sites may not be nearly as important as the community policing them. As anyone who operates a dynamic website knows, cross-site scripting is Pandora's box. SSL can't cover that vulnerability.