Facebook defends social networking security

Powered by SC Magazine
 

Social networking giant Facebook has defended its security and privacy controls in the face of criticism from industry experts, at this year's Infosecurity Europe show in London.

In a keynote at the event, Martyn Croft, head of corporate systems at the Salvation Army, argued that the concerns over corporate use of social networking sites, including lost productivity and malware infection, are "very real".

"It's a social engineering gold mine – a haven for finding out valuable information and it's an easy distribution platform for malware," he added. "For us, brand value is paramount and if we lose it we lose revenue very quickly."

But Max Kelly, chief security officer at Facebook, argued that the firm has gradually improved its security controls over time, to the point where users can now have control over who views any part of their profile on the site. "It is an educational challenge though," he admitted. "Users have top create a privacy model for themselves and that has been an ongoing challenge."

Kelly added that the firm has built up a "strong security team" to deal with issues at the network and application layers, and to investigate potential phishing and spamming attacks using data harvested from users of the site.

"It was in about January time that we became noticed by threatening elements who began to come after us," he said.

Jeremiah Grossman, chief technology officer at web app security firm WhiteHat Security, argued that social networking sites are prime targets for malicious Java script to be uploaded onto them. "It's an easy and effective way to effect the enterprise and because it's all purpose built, it's difficult to protect against; we need a whole new set of solutions," he said.

He suggested that Facebook is reluctant to restrict security too much on the site because it will affect its business model. "It will take risks with security because [ultimately] it's the users getting hacked not Facebook.

Read the full article

itweek.co.uk @ 2010 Incisive Media


 
 
 
Top Stories
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
Microsoft confirms Australian Azure launch
Available from next week.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 303

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  59%
 
No
  41%
TOTAL VOTES: 114

Vote