Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

9/3/2009
04:04 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Social Networks Fight Back

How major social networks MySpace and Facebook are building up security -- and where their weakest links remain

But Hamiel says social networking firms are conflicted about cracking down on securing their APIs for competitive reasons. "The main draw is functionality," he says. "They don't want to lose any market share to competitors. So they are probably going to be a bit gun-shy about who they turn away from developing apps."

MySpace has also turned outside for some of its security. Earlier this year, the social network began rolling out Cloudmark's Authority service, which detects and filters spam and harmful content in MySpace messages and posts.

"MySpace is different -- most other social networks aren't deploying third-party commercial security services. Others are using their own technology to do it and have developed [the tools] inside the social network," says Jamie de Guerre, chief technology officer at Cloudmark.

De Guerre says the Cloudmark service scans inside MySpace, and then Cloudmark works with MySpace to add elements to the user interface to help report any malicious activity. It also detects suspicious activity, such as a profile making lots of friend requests but not being requested by other users. "Any spam or abuse [reports] come back to our threat network, and we use that data for email or mobile operators to automatically discover new threats quickly," he says.

MySpace's Nigam says Cloudmark's service augments its in-house security measures, such as its homegrown Bloodhound tool that identifies imposter profiles used for spamming purposes, and Watchdogs, a set of tools that track spam content and block or remove it. He says MySpace takes a holistic approach to security.

"We added them to the arsenal of things we're doing to stop bad guys from hurting our users," Nigam says. "Cloudmark's [service] didn't replace anything. We added it to what we're already doing."

MySpace has also stepped up education and awareness among its users, he says, as well as forged partnerships with Microsoft and the Anti-Phishing Working Group to help report and quell phishing attacks. It also hired law enforcement specialists to help with civil lawsuits and criminal reporting of malicious activity spotted on MySpace.

"You have your head in the sand if you don't realize at the end of the day, even with the greatest technology and education, there are going to be times when something bad is going to happen," says Nigam, who is a former federal prosecutor.

Facebook, meanwhile, handles its security operations and development in-house. It filters malicious URLs and keeps a "greylist" of URLs that haven't yet been verified, according to Facebook's spokesperson. "If a user clicks on one of these, we show an interstitial page with a warning letting the person know that he or she is leaving Facebook and should be careful," he says.

The social network also has built its own automated systems to detect Facebook accounts that are likely to be malicious or compromised, such as those that contain messages with malicious links. "Because Facebook is a closed system, we have a tremendous advantage over email. That is, once we detect a phony message, we can delete that message in all inboxes across the site," the Facebook spokesperson says.

And Facebook has been able to slow Koobface infections, he reports. "On the malware front, we've mostly been fighting...Koobface. We've worked with Microsoft to push a solution to Koobface on user machines through Windows Update. By all accounts, our continuing security measures on Facebook combined with Microsoft's measures at the operating system level have been very effective in slowing the spread of the virus," he says. Facebook has slowed the spread of Koobface "to a crawl" with its partnership with Microsoft, he says.

Meanwhile, the weakest links for MySpace and Facebook lay in their third-party applications and in the users of the social networks themselves, experts say. While it's unclear just what more they will do -- either locking down elements of their APIs or more aggressively vetting third-party applications -- the careless or clueless user is still their biggest challenge.

And the social networks are well aware of that: "To combat threats, we need users' help, too," Facebook's spokesperson says. Says MySpace's Nigam: "It's their behavior you want to change. We want them to approach the Net in much the same way they approach their live in the physical world" when it comes to security, he says.

While there are ways to beef up defenses to DDoS attacks, there's no way to really stop them. "There is always a DDoS threat with anything, social networks or not," Hamiel says. "DDoS attacks can't be completely stopped. They can only be mitigated."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...