SecurityFocus HOME News: Defenses lacking at social network sites

Decius
Topic: Miscellaneous 3:18 pm EST, Jan 14, 2004

] Defenses lacking at social network sites
]
] Sites like LiveJournal and Tribe are poised to be the
] next big thing on the Web in 2004, but their security and
] privacy practices are more like 1997.

I'm not sure SSL is really all that useful. It would prevent people from stealing your password over the wire, but I don't think most of these attacks are sniffing-related. It would also allow you to authenticate that you are entering your password on my site, but I think most people who would fall for a phoney login would still fall for it. I'll bet if you offered it for a small fee, few would buy.

People get into your account because they guess your password, or because you leave yourself logged in and then your friends come over and use your computer, or because you use the same password all over the place. There isn't much that I can do about these attacks as a site manager. I need YOU to use client certificates to log in to my site, and you need to keep your certificate on a smart card or iButton that stays on your person.

Is anyone using technology like this? Would you want to use it to access MemeStreams if it were available? What do you think?
