Security and Facebook like

Greek researchers will present tomorrow a attack using Facebook as vector. The idea is that they provide an applet that displays nice picture from National Geographic. Unfortunately, the applet in addition to its benign display request to download a big file from one server. If this applet spreads within social network, it may end up in thousands of applets downloading big file from one given server, in other words in a Distributed Denial Of Service (DDOS)

And all journalists discover that there is a risk with social network. I am always amazed to see when people discover the obvious. Why should Web 2.0 be different from “old” computing time? Anybody is expected to understand that it is not safe to execute a piece of software from a an unknown publisher. It may be a malware. It is expected to be accepted by users as a good practice.

And now on the sudden comes Web 2.0. And any body is happy to add nice widget to his/her site, web page, desktop, … Why should widget be different from normal application? Why should widget not carry lethal payload? Why should Web 2.0 be secure? (at least not by construction). I am only amazed that there are not more plagued widgets today.

Using social network is even worse. You may trust your friends in your social network. thus, you may eagerly accept nice widgets from them. But how do they know it is a safe widget. Imagine a widget with a delayed bomb inside (as it is used in virus). It spreads nicely within facebook, and then it is triggered… :Sad:

Am I too paranoid? Why did web 2.0 escape common sense? Any idea?

Leave a Reply

Your email address will not be published. Required fields are marked *