Business IT - Technology for your business


Social networking and mobile devices call for right policies


IT infrastructure provider Dimension Data is advising its clients to formulate appropriate policies about the use of social networking and mobile devices.


Dimension Data senior security consultant Ed Luck said that Facebook presents "a massive attack surface." Part of the problem is that there are more than one million developers and entrepreneurs involved, and Facebook doesn't pre-screen apps - it waits until complaints are received and then investigates.

The Facebook API presents multiple opportunities that can be exploited by malware writers. For example, the API is vulnerable to 'man in the middle' attacks between a client and a legitimate application server, and Luck also suggested that it wasn't a major challenge to arrange for the server behind one externally supported app to send a message to another unrelated app (spoofing).

"We have to live through the bad part of the [security] cycle before it stabilises," he warned.

Privacy is another issue, though one that doesn't seem to be taken seriously by most Facebook users: 89% of them use their real name, and 61% use an identifiable picture, Luck said. The problem for organisations is that information available via social networks can be used as an entry vector to internal networks. One example is that such information can be used for spearphishing or social engineering attacks - the more you know about someone, the easier it is to compile an email message that will appear trustworthy because it appears to come from a known source and contains subject matter that might be expected from that person.

Is your company likely to be attacked? Luck asked. Maybe, maybe not - but he suggested that mining companies are a good example of organisations whose secrets are of great interest to competitors and to certain governments.

And developments like Facebook Places and foursquare reveal people's locations - very useful if you want to pickpocket a particular person's mobile device when they're in a crowded bar, or when you want to be confident they will be away from their desks for a certain period.

So what do you do? Please read on for some of Luck's suggestions.



