Results tagged “social networking” from Securing GovSpace

Hackers Flock to Social Networking Sites


Do you know everyone who is writing on your Facebook wall? Are you sure?

Reuters reported late last week that the "Destructive Koobface virus turns up on Facebook." This virus uses the social network's messaging system to infect PCs. Once infected, Koobface tries to gather sensitive information and phone "home."

Here's an excerpt from the article:

"Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, 'You look just awesome in this new movie,' direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc's Flash player....

Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts, said Chris Boyd, a researcher with FaceTime Security Labs. Because of that, users tend to be far less suspicious of messages they receive in the network....

Privately held Facebook has told members to delete contaminated e-mails and has posted directions at http://www.facebook.com/security on how to clean infected computers."

It is no surprise that hackers are going where the information is available. In late 2008, that place is on social networks. My wife received this message on Facebook (on her home laptop) last week. She was fooled by the initial message, but not the download request.  

Attacks are constantly being refined and updated, and users need to constantly be on guard. For government enterprises, I recommend taking steps to ensure that you don't have any infections. A Google search on this topic yields plenty of help.

Has anyone seen Koobface inside their government networks?  Does this situation make you less likely to allow social networks like Facebook at work?    

New Internet Poll Results: We're Networked at Home and Work


Over the past month, the Pew Internet & American Life Project  has released the results of several new polls on how Americans use their technology. The latest report, Networked families, describes the central role now played by the Internet and cell phones:

"The survey shows that these high rates of technology ownership affect family life. In particular, cell phones allow family members to stay more regularly in touch even when they are not physically together. Moreover, many members of married-with-children households view material online together."

A report released last month on work called Networked Workers, describes how pervasive the use of the Internet has become in the United States.

"The majority of employed adults (62%) use the internet or email at their job, and many have cell phones and Blackberries that keep them connected even when they are not at work."     

There is good news and bad news in these reports and poll numbers. Most workers think that increased connectivity makes them more productive, but the majority also think that these tools add stress and new demands to their lives.

Digging deeper, Pew has two separate reports regarding work. One covers Email at work. Again, respondents recognized the good and bad aspects of email. Interestingly, the polls show that spam is less a problem at work than with personal email accounts.

Another report covers Wired Workers: Who They Are and What They're Doing Online. There are many positive aspects to this report, as well as a darker side mentioned.

"Some 17% of Internet users (and 11% of all Americans) say they know someone who has been disciplined or fired because of his or her use of the Internet on the job." 

 In my opinion, coverage of these reports has been somewhat limited, probably due to the coverage on the upcoming election. Still, there was some mainstream press coverage. USA Today offered this report back in September: Study: American workers tethered (with mixed feelings) to work via tech. One man who was interviewed for the report said,

"If everybody also threw their BlackBerrys away, I would too," he said, chuckling. "The only problem is, in my industry, it makes me more competitive."

Initial coverage of family use of the Internet has been more positive. CNet claimed, "The Internet is no 21st-Century Boob Tube."

Overall, there weren't many surprises in these new poll numbers or Pew reports. One thing to keep in mind is the law of averages. That is, some people are spending much more time online than these numbers indicate. (Of course, others are spending significantly less.) Still, there were no shocking numbers that grabbed headlines nation-wide.

I plan to discuss these poll numbers further in future blog entries. Meanwhile, what's your opinion on these reports?

 

Suggestions Anyone? Can VA's Idea Box Help IT Security?


Recently, Virginia's Governor Tim Kaine announced a new Online Suggestion Box. This new online community is much more than just a place to input ideas. Rather, the site allows users to:

"Submit ideas so that others can comment and vote on them;

Vote on other ideas to promote them; and

Discuss ideas in forums with others and collaborate.

Ideas are then made searchable by issue area, keyword, date, or author.

Suggestions have widely ranged from implementing a statewide recycling program, to increasing the state cigarette tax, to legalizing hunting on Sundays."

This new Virginia ideas portal is a great step that is getting a lot of press. It certainly gets citizens interested in improving government and discussing the pros and cons of new suggestions or old ideas in new ways.

I happened to be down in Virginia (speaking at their COVITS conference) when the announcement was made by their Governor. The buzz created by this new Web 2.0 interactive site is real. I'm sure other states will follow their lead.

As I thought more about this concept, it occurred to me that a similar approach could be used for security (or other IT) enhancements. No, I'm not talking about social networking for geeks, but interaction between end users and IT staff around the country. Nor am I talking about your current help desk, but an electronic suggestion box for IT (and even security) ideas. 

While this may open up Pandora's box to things we can't pay for, it could also help us improve security awareness. I suspect many of the suggestions would help local offices or work areas improve their situation. Some end users may even learn what policies and solutions already exist.

But before I forge ahead into a training pilot, I'd like to hear your thoughts on IT suggestion boxes. Does this idea make sense - for security? Is this too narrow?  

 

A-Space: A Social Networking Model for Government?


Social networking is very popular, but many governments are banning Facebook, MySpace and other social networking sites at work. Is there an internal model that can bring the benefits of sharing and collaboration without the temptations and security risks associated with checking-in and sharing files or other information with friends all over the country? 

Federal Computer Week (FCW) ran an article this week on a product called A-Space that Intelligence Community officials hope will provide just the right Intranet solution.

 Here's more from FCW, "The program's designers want A-Space to give analysts from all 16 intelligence agencies a place to share ideas and information more freely and collaborate across agency lines.

After logging in, analysts will have access to shared and personal workspaces, wikis, blogs, widgets, RSS feeds and other tools. To log in, analysts will need to prove their identity using public key infrastructure, and their agencies must list them in the governmentwide intelligence analyst directory."

Each user will have their own unique profile and be able to post notes to others' profiles. 

The idea is not new, with many companies like IBM and Microsoft offering social networking tools for enterprise Intranets. The key is to gain adoption and get users working together in more efficient ways without developing another hard-to-use office tool set that never gains traction. Bottom line: many users want the real Facebook or MySpace.

A Google search for "Intranet social networking" brings a million results, with numerous options available to governments. And yet, installing and configuring a separate internal toolset seems to be daunting to most technology shops. Therefore, few governments have gone down this road to date. 

Perhaps A-Space is the model, perhaps not. One thing is for sure: there will be plenty more examples to come.

 

 

Hackers Invade Social Networks


Several recent security reports warn of dangers found on social networking sites like MySpace and Facebook. As the popularity of these sites has grown, the risks have grown as well. Yesterday,  USA Today proclaimed, "Hackers want to be your (malicious) friend." 

Here's an excerpt from that article: "Last week, computer security firm Sophos detailed an attack in which messages posted on the walls of users' Facebook pages urged them to view a video that claimed to be hosted on a Google website. But when the link was clicked, the victim was diverted to a website containing malware."


Earlier this month, Jennifer Leggio, who blogs for ZDNet, described "Facebook's (futile) malware exorcism - can social networks fight back?" She doubts the claim, made by Max Kelly, Facebook's head of security, that they have identified and blocked the ability to link to malicious websites from within Facebook. Jennifer says:

  • "Making a social network secure is darn near impossible. As fast as Facebook (or any other social network) blocks those known malicious site hackers will come up with new ones. There's no "patch" or "fix" for these issues.
  • Why? The major flaw with social networks comes down to user awareness and user responsibility. Kelly correctly states that many people use the Internet without any knowledge of security threats posed by hackers. Which makes these users... (susceptible).  
  • ... If users are unaware as to the threats presented by clicking on outside links, they are easily going to be spoofed. Facebook cannot keep its users from clicking off the site and downloading files."

    Jennifer also references a DefCon 16 session with a great name: Satan is on My Friends list: Attacking Social Networks. The session description for that breakout says this:

    "Social Networking is shaping up to be the perfect storm... An implicit trust of those in one's network or social circle, a willingness to share information, little or no validation of identity, the ability to run arbitrary code (in the case of user-created apps) with minimal review, and a tag soup of client-side user-generated HTML (Hello? MySpace? 1998 called. It wants its markup vulns back). Yikes.

    But enough about pwning the kid from homeroom who copied your calc homework. With the rise of business social networking sites, there are now thousands of public profiles with real names and titles of people working for major banks, the defense and aerospace industry, federal agencies, the US Senate... A target-rich and trusting environment for custom-tailored, laser-focused attacks...."

    Lest you think this topic is brand new - think again. While the hacker tricks change with the times, PC World proclaimed: "Hackers Crash the Social Networking Party," almost two years ago.

    There are also plenty of other online publications writing about these problems, with over 1.3 million page views available for the Google search "social network malware." What's to be done? There are plenty of suggestions for MySpace and Facebook roaming around in cyberspace. Nevertheless, most experts continue to point back to end user awareness and more training. 

    Perhaps the best advice comes from an age-old Biblical Proverb: "A man of many companions may come to ruin, but there is a friend who sticks closer than a brother." In other words, know your online friends.

    Any comments on social networking at work?   
