This is the 29th episode of the Social Media Security Podcast. This episode was hosted by Tom Eston and Scott Wright. Below are the show notes, links to articles and news mentioned in the podcast:
- MySpace charged for violating user privacy, vows to do better
- How a fake Justin Bieber “sextorted” hundreds of girls through Facebook
- FBPwn: A cross-platform Facebook social engineering tool
- Tom and Scott’s take on the Facebook IPO
- LinkedIn CSRF (Cross-site Request Forgery) controls attacked
- Scott gives us an update on his mobile honeystick project
We are still planning on getting back to regular podcasts! Stay tuned. Please send any show feedback to feedback [aT] socialmediasecurity.com
or comment below. You can also call our voice mail box at 1-613-693-0997
if you have a question for our Q&A section on the next episode. You can also subscribe to the podcast in iTunes
and follow us on Twitter
. Thanks for listening!
Posted originally on Neohaxor.org, re-posted with permission:
Business social network LinkedIn announced their LinkedIn Applications today. The applications directory can be viewed here There are only several applications to chose from at the moment. I am sure that number will grow soon. LinkedIn uses Google’s OpenSocial just like other social networks such as MySpace, Orkut, hi5, etc. I only spent like 5 minutes looking at a couple of things. So, the following are only my quick thoughts and impressions.
The applications are delivered though the domain lmodules.com. This makes them easy to identify and block if that’s what you would like to do.
At first glance it appears that the vetting process for LinkedIn is higher than some of the other social networks. They appear to only want known businesses to create applications for their network at this time. This would help root out some possible malicious users. A vetting process is a good first step in thwarting that type of malicious behavior. I didn’t look at the difficulty in attaining a developer account, but I am assuming it is much more difficult than other social networks like MySpace, Facebok, etc. Now, whether this vetting process will stay this stringent will remain to be seen. These procedures may be relaxed in the future due to demand.
Just because the name has changed doesn’t mean the threats have changed. As a matter of fact there may actually be more on the table. Business networks such as LinkedIn are more likely to contain real information about people vs other non-professional social networks. Not that people don’t share enough about their real self on other social networks. This means the same threats exist for the capture of information as on other social networks.
There are still technical threats from social network applications on LinkedIn as well. These are the very same issues as other social networks that we have discussed in the past and demonstrated. Malware distribution, social engineering, attacking clients, information harvesting, click fraud are just some of these threats from social network applications. Moral of the story is be careful. Don’t install apps you don’t need, even though you may do so on your iPhone
So all in all the threats are the same with LinkedIn as any other social networks that employ applications. However, with a more stringent vetting process this should reduce the possibilities for malicious by making accounts harder to get.