Twitter Grader Hack Highlights Social Network Spam Risks

Written by Paul Cunningham on February 17, 2010

The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.

The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers.  This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.

The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video.  The content turned out to not be malicious and it has been speculated that this was an attempt to increase the search engine rankings of the website.

The hack was quickly acknowledged by Hubspot who proceeded to take down the Grader application while they investigated the issue.  Grader users are advised to revoke access for Grader to their Twitter accounts and also to consider changing their account password.

Policy updates may be in order to address social networking threats

Written by Dan Blacharski on April 16, 2009

We are starting to see more security problems relating to social networking, including social networking phishing attacks that direct users to malicious web sites, and hacks like last week’s Twitter attack by a “bored” 17-year-old. Apparently, according to a Cnet article, “one day he hopes to get a job as a security analyst.” Yikes! If you hire this youngster, you get what you deserve. Let’s not teach a whole new generation that the way to a good job is through criminal activity! Kid, if you’re reading this, you’re not Frank Abagnale, get over it. There is a better way.

But onto the issue at hand. The wave of social networking attacks, social network phishing, and even social network spamming may call for the security policy to be revisited. Many security policies were created before social networking became as popular as it is today, and there has been an ongoing debate as to whether user policies need to be updated to reflect this new reality.


Social Network Spam Scare

Written by Carl E. Reid on April 1, 2009

Yesterday I experienced quite a scare.  Several client social networks I created and maintain all had fake member registration forms filled out. I immediately identified each registration as spam. Luckily all registrations must be manually approved by the administrator.  I found this to be a very sophisticated spam attack. In each instance the spammer even uploaded a required picture of a pretty girl.  The registration form field entries each had the same entry of “I’ll tell you later”.  This indicates an automated spam machine was used. The different email addresses entered all used the malinator.com domain.  All the social network administrators have been notified to be on alert.

With account registration moderation in place, the scenario above is a more controlled environment. So spam infiltrations are much harder to achieve. More mainstream popular social networks, like Facebook and Twitter, do not moderate registration. So spammers can slip in very easily to target legitimate members.

As mentioned in a previous article “Belated Spam Predictions“, spammers will continue to phish social networks, but use more sophisticated approaches. The goal is to collect not only personal information, but also retrieve information surrounding a person’s inner circle of friends and associates.
