Facebook defends social networking security

Powered by SC Magazine
 

Social networking giant Facebook has defended its security and privacy controls in the face of criticism from industry experts, at this year's Infosecurity Europe show in London.

In a keynote at the event, Martyn Croft, head of corporate systems at the Salvation Army, argued that the concerns over corporate use of social networking sites, including lost productivity and malware infection, are "very real".

"It's a social engineering gold mine – a haven for finding out valuable information and it's an easy distribution platform for malware," he added. "For us, brand value is paramount and if we lose it we lose revenue very quickly."

But Max Kelly, chief security officer at Facebook, argued that the firm has gradually improved its security controls over time, to the point where users can now have control over who views any part of their profile on the site. "It is an educational challenge though," he admitted. "Users have top create a privacy model for themselves and that has been an ongoing challenge."

Kelly added that the firm has built up a "strong security team" to deal with issues at the network and application layers, and to investigate potential phishing and spamming attacks using data harvested from users of the site.

"It was in about January time that we became noticed by threatening elements who began to come after us," he said.

Jeremiah Grossman, chief technology officer at web app security firm WhiteHat Security, argued that social networking sites are prime targets for malicious Java script to be uploaded onto them. "It's an easy and effective way to effect the enterprise and because it's all purpose built, it's difficult to protect against; we need a whole new set of solutions," he said.

He suggested that Facebook is reluctant to restrict security too much on the site because it will affect its business model. "It will take risks with security because [ultimately] it's the users getting hacked not Facebook.

Read the full article

itweek.co.uk @ 2010 Incisive Media


 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 991

Vote