Tweet This Post

Social networks are rich environments for information sharing and collaboration that are based largely on the trust built between users. And they are rich in personal information, both explicit (your name, email address, where you live,  where you work, etc.) and implicit (your password might be the password you use to log into other web accounts, or your corporate email, or even your bank account). Because they’re based on mutual trust, users are more prone to click on something that comes from a friend than, say, a spam message in their email inbox. And once someone within a network of trust is compromised, it’s relatively easy to exploit their network to compromise other users.

Last week’s “clickjack” attack on Twitter was by most measures benign–if you count it overloading the Twitter message service and causing web users to get the “fail whale” as benign.  It used a self-perpetuating Twitter message with a link (that told users NOT to click it) to post itself into the recipient’s own status messages.  While it wasn’t spreading malware like some other recent attacks on social networks (Digg, Facebook and Myspace)–the problem even drove the legislature here in Maryland to briefly ban posting to Facebook and MySpace because of virus concerns.

There’s a simple solution to most of these threats — treat any link you get in Twitter, Facebook, or Myspace  updates with the same level of suspicion that you apply to emails from Nigerian princes.  As Nikita Khrushchev said, “Trust, but verify.”

Tweet This Post