have become a means to distribute malicious code
social networks do not serve only to show pictures, documents etc., Are also open to exchange small Applications third, no computer developed by the network itself. This new phase has meant that networks such as Facebook have become a way of distributing malicious code masked in these seemingly harmless applications. Experts warn that this phenomenon is difficult to detect, control and braking. In addition, it can be expected that an increasing to the extent that the distribution of third party applications to become popular even more in social networks. By Raúl Morales.
one and a half ago, Facebook opened its doors to the exchange of third party applications. At this time, millions of users have used small applications to play or exchange recommendations of music or movies. To the extent that the popularity of these applications has grown, computer security experts have begun to worry, as social networks, as well as being a very effective way to distribute applications, so may be to distribute malicious code.
are already initiated several projects which aim to demonstrate how real is this danger. The last of these has been carried out by the Foundation for Research and Technology Hellas (FORTH). Its researchers have created an application that lets you show beautiful pictures of National Geographic in the user profile page on Facebook. This application has other invisible to the user property: request image files on a particular server, in this case a test server of FORTH. If many users installed this "innocent" application, without knowing it would send thousands of requests to that server, so that would block or their rightful owners could not use.
researchers made no effort to promote this application among Facebook users, however, within days 1,000 users already have installed on their computers. The resulting attack on the server used for the experiment was not too severe, but it would be enough to block a small web, for example. Few
solutions
Technology Review As reported, a more detailed analysis of social networking sites shows, however, that the damage may be even greater.
Two computer consultants, Nathan Hamiel of Hexagon Security Group and Shawn Moyer of Agura Digital Security recently created samples of malicious applications on social networks like OpenSocial, hi5 or Orkut. For example, one application, called CSRFer, send a request including not authorized to become a "friend" of a previously defined user. According Hamiel, this is just a sample of a button, as there many different ways to launch attacks via social networks. Unfortunately, there are very few things you can do about it.
The problem is that for users is very difficult to know exactly what makes the application downloaded from a network. Social factors also play an important role because social networks foster an atmosphere of trust that is very easy to exploit by those who do not have good intentions.
For example, recently spread via Facebook A malicious program in the form of a fake Flash update was forwarded from one user to another. "It was the social aspect is what prompted this behavior technically stupid" Hamiel said
Companies behind social networks are beginning to consider these security issues. Facebook, for example, has created a security page to advise their users about the potential risks they may face. The company says that its security team is investigating and reviewing their own code for holes, as well as contacting users to let them know if they are not seeing any of these problems. Mission Impossible
Experts warn that it is almost impossible to eradicate all malicious programs. An attacker could create a legitimate application and wait that many users have installed to make it "bad" updating it with malicious code.
limit the capabilities of the applications is not a solution because it would destroy what makes them so attractive to users. It is complicated because, by definition, social networks seek to facilitate creativity and communication. If there are restrictions, social networks may end up denatured.
A more effective solution would be to hire programmers to review the code used by external applications. Obviously, the cost of this solution makes it impractical and unattractive to many companies behind social networking.
And it is only the beginning. It is expected that the type of attacks and their numbers will grow as increasing social networks. In this sense, Hamiel is a problem of education and awareness, because people do not have the same respect for software running on their browsers that something you download from the Internet to install.
Source: Tendecias21
0 comments:
Post a Comment