Andre Yee
Andre Yee's Security Insider
An open dialogue about security and compliance for the enterprise.


October 11, 2007
Social Networking Versus Corporate Security

On the hype scale, social networking is red hot! Facebook, MySpace and LinkedIn are all examples of the force-multiplying networking effect of Web 2.0. Yet as Peter Schoof reported last week, there is healthy debate on whether these sites should be permitted in the corporate environment.

Social networking sites pose yet another issue for security managers today, courtesy of the Web 2.0 model. While some of these social networking sites, like LinkedIn, have distinct business applicability and value, other sites clearly emphasize the purely “social” part of the equation.

Should security or IT managers even be concerned about whether employees are accessing these sites? Here are a couple of things to consider:

1. Social networking sites are increasingly targets for new exploits, especially cross-site scripting attacks. Like many Web 2.0 sites, social networking apps are ripe for client-side attacks. For instance, in November 2006, a MySpace-targeted CSS exploit replaced the navigation menu, enabling an attacker to redirect the user to a spoofed web page.

2. Social networking sites can be a platform to launch attacks. Because social networking sites drive traffic, they can be an effective launch point for various attacks targeting other platforms or components. Over a year ago, an online banner advertisement running on MySpace used a Windows security flaw to infect more than a million users with spyware related to Windows Meta Files.

3. Social networking sites can lead to compromise of privacy or proprietary information. What you do on a site is information that social networking apps control and could expose. Case in point: last year, Facebook added a feature called News Feeds that exposed privacy and behavioral information about account users without their explicit consent. The outrage from its users was expected and the problem was addressed, but it's a clear lesson to all users.

4. Social networking sites may be costing businesses millions of $$$ in employee productivity. According to recent studies, as a result of social networking's overwhelming popularity, many of these sites are becoming a source of lost productivity as employees spend time visiting these sites during work hours. As reported in this article, a study commissioned by a UK law firm noted that Facebook is costing British firms 130 million pounds ($264M) in lost productivity every single day.

Should companies be blocking social networking sites as a matter of practice? Perhaps not. But there's certainly ample reason to be concerned from a security perspective.

Posted by andreyee in web 2.0
