Social Networking Site Safety Questioned

An anonymous reader writes to mention a TechNewsWorld article about social networking sites. Researchers are finding these places are goldmines for social engineering exercises. Between worm attacks and simple human observation, sites like MySpace are the perfect place to obtain saleable personal information. From the article: "The danger is real, according to a study conducted by CA and the National Cyber Security Alliance (NCSA). In October, the alliance issued its first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cybercrime. Despite all the publicity about sexual predators on sites like MySpace and FaceBook, the alliance took a different approach by measuring the potential for threats such as fraud, identity theft, computer spyware and viruses. Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk, as Boyd suggested. Social networkers are also downloading unknown files from other people's profiles, and responding to unsolicited instant messages that could contain worms, the NCSA reported."

Fix the ohter end?

[zotz]

Should the other end be fixed? Why should it be possible to steal someone's identity with the simple personal details people make available online?

all the best,

drew

the answer to this is so simple...

[CheechBG]

Just make your damn profile private! If you are naive enough to think that everyone in the world wants to read your profile, you are probably too naive to understand that everyone's intentions sometimes aren't friendly.

One of our HR people just to prove a point attempted to look at my profile, and then sent me a friend request which I denied for that reason. Making a definitive wall between work and whatever it is that I do at home is very important.

of course

[jrwr00]

Its a meeting place for all the morons on the interweb (as called by a few of my friends)

Myspace, hi5, bebo, is just to name a few i see around here in job corps,

ever wonder why AOL Userers got the most phising emails, because most AOL users where morons

Nosey sites

[Threni]

Part of the problem is sites asking for identifying info when you sign up, including passwords, email addresses, real addresses sometimes, or postcodes/zipcodes, dates of birth etc? Why? None of this stuff has anything to do with what I post on Slashdot, my opinions on music, films, games. Having it stored on the site owners server does nothing to aid my attempts to get answers to technical problems on usenet or forums. And I'm not entirely sure it can be said to help reduce trolls and other problems that afflict public sites. If people didn't have to exchange all this info to register on sites etc, and it was only provided when absolutely necessary then maybe people will be more aware of exactly who's asking for it and how safely it'll be stored.

Ex-fricking-actly

[SatanicPuppy]

Why is this such a big issue? Because we don't currently have a reliable way of verifying identity. Until that basic problem is fixed, there is no way to fix the identity theft issue.

Of course, the only really reliable way of proving identity is some kind of private key crypto backed up by high-end biometrics (eg, retinal scan, or dna), and the odds of something like that being implemented are hilariously low, for about a million reasons.

At the very least there needs to be some sort of private ID that is used to verify the "public" id that you pass along to the credit companies and whatnot.

Re:it holds true for myspace

[tehwebguy]

Local White Pages Safety Questioned

Aren't your local White Pages more dangerous by default? I mean those are opt-OUT, while MySpace is opt-IN

On the other hand,

[Peter Trepan]

Socializing at a bar puts you at greater risk of physical harm. Socializing at a church puts you at greater risk of personal judgment. Socializing at a coffee shop puts you at greater risk of cardiac arrhythmia. Socializing at a restaurant puts you at greater risk of clogged arteries. Not socializing puts you at greater risk of dying alone.

Teach internet responsibility in school

[businessnerd]

I think a great way to combat issues like this is to start teaching safe browsing in school. We are already teaching them how to use the computer and how to find information over the internet, but are they teaching them how to use the technology responsibly. When I learned how to use a computer in school, we learned what bugs and viruses were, but they weren't as widespread then, so there was no lesson on how you might get a virus, how to prevent getting that virus, and if you do get a virus, how do you repair your machine. This was also before spyware was understood as well as phishing and identity theft. We all saw the movie "The Net", but no one really thought that could happen to them, and could only be pulled off by some elite hacker out to get you, and only you.

We need to teach the kids that not everyone on the internet is your friend. Not everyone on the internet is who they say they are. You can protect yourself from malware by using safe browsing behavior (don't click OK at every message that pops up, smiley face add-ons are not so smiley). Never give out personal information on the internet unless you are absolutely positive that the person you are giving it to is in fact who they say they are, and there is a legitimate reason for it. This means no SSN, phone number, credit card/bank numbers, address, etc.

Like I said earlier, when I was in school, all of this was not really a concern, so I'm not sure if schools are actually teaching this kind of stuff.

Re:On the other hand,

[presentt]

I agree. I think there is a difference between caution and paranoia. As long as you aren't stupid, and don't make available information such as credit card numbers, social security numbers, and so forth, I don't see much wrong with posting basic demographics like age, sex, and even locations. It's the type of information that can be obtained by someone who wants it, anyways, and can potentially add to the sense of the online "community." I don't have a MySpace, but I do have a Facebook profile. I keep it private, but still recognize that the information in it, including cell phone numbers, AIM screennames, and pictures, are online and thus potentially available to an unauthorized party.

I'm sure my phone number, email address, and even postal address are circulating around without my knowledge offline. Putting it online may expose me to spammers, but hey, I've got a good email filter, I'm not afraid to hang up on people, and who really sends junk mail on paper anymore anyways? Besides, it's in the phone book. And I'm not too afraid of sexual predators--I don't fit the demographic, and I'm not stupid enough to meet some unknown person at a shady coffee shop either.

And my picture? Big deal, check last month's newspaper, because there's a photo of me. What I'm trying to illustrate is the availability of information about me away from the internet, and the futility of trying to protect basic information in the first place. If an attacker (social, sexual, political, or even a government assassin because I heard the wrong conversation somewhere) wants to learn about me, he can. There's risk everywhere, as the parent pointed out.

Re:In other news

[kfg]

Never leave home and you'll never catch a cold . . .

Nooooooooooow ya tell me!

Actually, I think, in a bit of irony, I caught this one from the UPS man the last time he handed me a crate of Kleenex through the basement window, 'cause I don't remember leaving home lately. I'll have to wear gloves and soak them in Vodka for a week before handling them next time.

In a bit of further irony today I had intended to be far away from anywhere with a net connection, or people, but I couldn't leave home, becasue I have the flu.

So here I am.

Lucky you.

KFG