Social Networking Site Safety Questioned 73
An anonymous reader writes to mention a TechNewsWorld article about social networking sites. Researchers are finding these places are goldmines for social engineering exercises. Between worm attacks and simple human observation, sites like MySpace are the perfect place to obtain saleable personal information. From the article: "The danger is real, according to a study conducted by CA and the National Cyber Security Alliance (NCSA). In October, the alliance issued its first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cybercrime. Despite all the publicity about sexual predators on sites like MySpace and FaceBook, the alliance took a different approach by measuring the potential for threats such as fraud, identity theft, computer spyware and viruses. Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk, as Boyd suggested. Social networkers are also downloading unknown files from other people's profiles, and responding to unsolicited instant messages that could contain worms, the NCSA reported."
it holds true for myspace (Score:2, Insightful)
Yeah, well you know what you have wherever there's a goldmine. Gold diggers.
Automated Privacy Rights (Score:3, Insightful)
I'm really annoyed every time I have to type my name/address/email into a Web form. How many times have I typed that info in the past 10 years of the Web? Why can't forms include either Javascript or even standardized APIs for requesting the same personal info? In increasing scopes with simple descriptive names. So I don't have to let my info sit cached at so many remote servers with which I do intermittent business, any one of which can leak my info at any time.
I want to see a Web GUI show submittable form sections tagged by their target org. I'd like to subscribe to a service that rates forms by their risk, demonstrated by proven vulnerabilities in distributed reporting databases (or whatever my selected advisor uses to decide its ratings). Many people would pay for such a service to advise how much info to disclose to a given recipient. And many organizations would pay to make using them free, like insurance and bank corps, not to mention governments with insight into the preventive value of informing consumers of disclosure risks, without slowing down acceptable transactions.
People can protect ourselves even more than with just tech fixes. We have the right to privacy in our "papers and effects" [wikipedia.org]: our personal data. We produce a government to protect that privacy. We should specify how they protect it, like requiring all disclosed personal data to be redistributed only within the context of the transaction into which it was delivered, unless explicitly agreed otherwise by the sender. Maybe even a Constitutional Amendment, to make more clear the privacy rights implicit in the Constitution, explicit in the 4th Amendment, but still not protected enough for adequate security in the modern age.
Re:Fix the ohter end? (Score:3, Insightful)
Ah, yes, people revealing incredibly personal details like their name is the problem. Phone books must scare the crap out of you.
No, the problem has nothing to do with myspace or any other directory of names, the problem is that it's trivially easy to do things (like getting a credit card or a bank loan) pretending that you're someone else. The only possibly secret bit of information needed to do either of those things is the social security number. Anything else can be pulled out of the phone book or public records.
Once someone has your social security number, they can do *anything* as you. And people will put their social security number into any form that asks for it, because so many things require it.
We desperately need a better form of verifiable identity. Unfortunately, I don't know what that is.