9/3/2009
04:04 PM

Social Networks Fight Back

How major social networks MySpace and Facebook are building up security -- and where their weakest links remain

But Hamiel says social networking firms are conflicted about cracking down on securing their APIs for competitive reasons. "The main draw is functionality," he says. "They don't want to lose any market share to competitors. So they are probably going to be a bit gun-shy about who they turn away from developing apps."

MySpace has also turned outside for some of its security. Earlier this year, the social network began rolling out Cloudmark's Authority service, which detects and filters spam and harmful content in MySpace messages and posts.

"MySpace is different -- most other social networks aren't deploying third-party commercial security services. Others are using their own technology to do it and have developed [the tools] inside the social network," says Jamie de Guerre, chief technology officer at Cloudmark.

De Guerre says the Cloudmark service scans inside MySpace, and then Cloudmark works with MySpace to add elements to the user interface to help report any malicious activity. It also detects suspicious activity, such as a profile making lots of friend requests but not being requested by other users. "Any spam or abuse [reports] come back to our threat network, and we use that data for email or mobile operators to automatically discover new threats quickly," he says.
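The friend-request imbalance signal de Guerre describes can be sketched as follows. This is an added example, not Cloudmark's or MySpace's code; the event format, the thresholds and the profile names are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample: (sender, recipient) friend requests seen in one time window.
SAMPLE_REQUESTS = (
    [("promo_bot", f"user{i}") for i in range(40)]   # mass outbound, nobody requests it
    + [("alice", "bob"), ("bob", "alice"), ("carol", "alice"),
       ("alice", "carol"), ("dave", "bob"), ("bob", "dave")]
    + [("newbie", f"user{i}") for i in range(5)]      # few outbound, under the volume floor
)


def flag_lopsided_profiles(requests, min_sent=20, max_inbound_ratio=0.05):
    """Return {profile: (sent, received)} for profiles that send many friend
    requests but are rarely requested by others.

    min_sent and max_inbound_ratio are assumed thresholds; a real deployment
    would tune them against labelled abuse reports.
    """
    seen_pairs = set()
    sent, received = Counter(), Counter()
    for sender, recipient in requests:
        if sender == recipient:
            continue                      # ignore malformed self-requests
        if (sender, recipient) in seen_pairs:
            continue                      # count each distinct target once
        seen_pairs.add((sender, recipient))
        sent[sender] += 1
        received[recipient] += 1

    flagged = {}
    for profile, n_sent in sent.items():
        if n_sent < min_sent:
            continue                      # too little activity to judge
        n_recv = received[profile]
        if n_recv / n_sent <= max_inbound_ratio:
            flagged[profile] = (n_sent, n_recv)
    return flagged


if __name__ == "__main__":
    print(flag_lopsided_profiles(SAMPLE_REQUESTS))
```

A flag from a single signal like this is a reason to queue the profile for review alongside other evidence such as user abuse reports, since a legitimately new or unpopular account can also look lopsided.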

MySpace's Nigam says Cloudmark's service augments its in-house security measures, such as its homegrown Bloodhound tool that identifies imposter profiles used for spamming purposes, and Watchdogs, a set of tools that track spam content and block or remove it. He says MySpace takes a holistic approach to security.

"We added them to the arsenal of things we're doing to stop bad guys from hurting our users," Nigam says. "Cloudmark's [service] didn't replace anything. We added it to what we're already doing."

MySpace has also stepped up education and awareness among its users, he says, as well as forged partnerships with Microsoft and the Anti-Phishing Working Group to help report and quell phishing attacks. It also hired law enforcement specialists to help with civil lawsuits and criminal reporting of malicious activity spotted on MySpace.

"You have your head in the sand if you don't realize at the end of the day, even with the greatest technology and education, there are going to be times when something bad is going to happen," says Nigam, who is a former federal prosecutor.

Facebook, meanwhile, handles its security operations and development in-house. It filters malicious URLs and keeps a "greylist" of URLs that haven't yet been verified, according to Facebook's spokesperson. "If a user clicks on one of these, we show an interstitial page with a warning letting the person know that he or she is leaving Facebook and should be careful," he says.

The social network also has built its own automated systems to detect Facebook accounts that are likely to be malicious or compromised, such as those that contain messages with malicious links. "Because Facebook is a closed system, we have a tremendous advantage over email. That is, once we detect a phony message, we can delete that message in all inboxes across the site," the Facebook spokesperson says.

And Facebook has been able to slow Koobface infections, he reports. "On the malware front, we've mostly been fighting...Koobface. We've worked with Microsoft to push a solution to Koobface on user machines through Windows Update. By all accounts, our continuing security measures on Facebook combined with Microsoft's measures at the operating system level have been very effective in slowing the spread of the virus," he says. Facebook has slowed the spread of Koobface "to a crawl" with its partnership with Microsoft, he says.

Meanwhile, the weakest links for MySpace and Facebook lie in their third-party applications and in the users of the social networks themselves, experts say. While it's unclear just what more they will do -- either locking down elements of their APIs or more aggressively vetting third-party applications -- the careless or clueless user is still their biggest challenge.

And the social networks are well aware of that: "To combat threats, we need users' help, too," Facebook's spokesperson says. Says MySpace's Nigam: "It's their behavior you want to change. We want them to approach the Net in much the same way they approach their lives in the physical world" when it comes to security.

While there are ways to beef up defenses to DDoS attacks, there's no way to really stop them. "There is always a DDoS threat with anything, social networks or not," Hamiel says. "DDoS attacks can't be completely stopped. They can only be mitigated."


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
