Employees use two types of social networking sites. They bring their Facebook, MySpace, YouTube and other identities to the office. At the same time, they use professional social networking - LinkedIn and others - for more "official" duties.

It has the potential to be a major problem. A recent Newsfactor piece based on Forrester research identifies social networking as a key element of the ongoing corporate Web 2.0 wave. By 2013, the firm says, social networks will constitute a $2 billion chunk of what will be a $4.6 billion sector.

Hopefully, organizations will catch up on the security front. The piece says that only half of Web filters deployed by Barracuda Networks are blocking MySpace or Facebook. Those who are doing so are trying to guard against viruses and spyware and to maintain employee productivity. It would be interesting to understand how many of these organizations understand that social networking sites are great avenues for phishing and other social engineering exploits, and for dishonest or ignorant employees to send vital information beyond the firewall.

Recently CNN had a nice overview of the flow of social networking into the corporate space. What the author doesn't say is that the evolution of social networking from consumer to business use is precisely what happened with cell phones, Wi-Fi and other tools: People used them in their private lives, liked them, and brought them to work. In this case, the writer says, more secure, corporate-aimed offerings are available. Yammer, for instance, is a business version of Twitter. Other corporate social networking newbies, according to Forrester, include Awareness, Communispace and Jive.

One of the advantages of the fact that new technology has moved from the consumer to business world so many times in the recent past is that experts consider the security issues more quickly. There seems to be a bit less denial. This Legal Technology piece offers a good description of social networks, and references a Black Hat presentation that looked at insecure features of social networks and identified the biggest vulnerabilities. They include cross-site request forgery (CSRF), cross-site scripting (XSS) and the lack of a mechanism to validate the security of customer applications. The writer offers seven tips for safely using and administering social networks.

This is not all theoretical: Business people are using social networks - and the bad guys are going after them. For instance, SPAMfighter cites reports from The Washington Post's Brian Krebs about spear phishing attacks against about 10,000 LinkedIn members. The story says social networking sites often are the target of spear phishers because users are used to getting e-mail from other members. This e-mail purported to come from and carried the subject line "Re: business contacts." Recipients following the instructions in the e-mail installed a malicious program aimed at stealing sensitive information from the computer.

There is a lot to worry about. Dark Reading offers a scary vignette on how dangerous a social networking site can be. The big problem is that there is no way to simultaneously optimize security and interactivity. To a great extent, emphasizing one comes at the expense of the other. Dark Reading runs through some of the problems, and links to pages that describe in more detail seven of the most dangerous activities: impersonation and targeted hacks; spam and bots; "weaponized" applications; XSS and CSRF; identity theft and corporate espionage.