Security and Social Media

The very fine, red line between love and hate.

I use Twitter a lot. Some have even said that it borders on the same unhealthy addiction I harbour for Scarlett Johannson, but that’s a story for another day. That said I do not use Facebook, MySpace or any of the other big, popular, brain atrophying SocNets that plague the Internet that we all know and love today. What’s my point in all of this ? I’m going to focus on Twitter here, but the same thought processes can really be applied across the board.

Social Networks are huge at the moment. For the most part I really don’t understand them nor believe what they do to the general populace is a good thing. When was the last time you actually picked up the phone, called someone and said “Hey, we’re buddies right ? Let’s go have a cold beer and talk rubbish about something we both share a keen interest in…” ? But I digress…

I use Twitter on a daily basis. I don’t follow too many people I would call friends. 85% of my “following” is made up of people and news sources in the Information Security space. I’m not going to list them here as that would just be silly. I find it really useful because I get up to the minute news from various sources around the world on news and the like. This is great because I get two things from it,

1. Up to date news on security topics, new exploits, new documents or discussions

2. Correlation. This in itself is great. From a news article, it’s very difficult to know without digging deeper to know if that new 0-day for Openssh is real or not. With Twitter, you’ll hear about it AND get an in depth analysis from some of the biggest heads in security today. Very useful.

That said, you do get “false positives”. I have fallen prey to this a couple of times, but I’ve learned from it. The hype around the OpenSSH “0-day” that was doing the rounds a month or so prior to BH/DC. And let’s not even go near the problems with Twitter. No, wait, lets…

• Denial of Service attacks
• Being used as a C&C server to botnets
• Crappy Third Parties
• Denial of Service Attacks
• Compromised accounts
• REALLY crappy security
• Denial of service attacks

I could go on for a while but I won’t.

What’s my point in all of this ? Social media and security should really be mutually exclusive simple because of the inherit risks involved in the various Social Media networks these days. As security professionals and practitioners we should all be very weary of the various Social Network sites.

- Should we be using them in our “arsenal” as a source of information ?
- Should we be participating in something that is being used to attack the hosts we are working very hard to protect ?
- Should we be viewing this site that hosts malware, dodgy links (Yes, Bit.ly, we’re talking about you) ?
- Can we even use it as a source that seems to be under increasing attack from around the world ?

I do. And I find it very useful as I am sure most of the other people I follow do. So, at the end of the day, where does that leave us ?

Joe Public loves to be “social”. It’s only human nature. But that’s the problem isn’t it ? That’s the weak link. Joe Public is going to continue to use SM and because of that he’s going to continue to have his machine poked, prodded and at times pilfered by the bad guys using the same service. We can either deny this and carry on with our lives or we could setup the necessary precautions and use it to our advantage. The bad guys are…

So fire up your hardened web browser in your virtual machine that’s been setup just to run that browser and check it out. Make your own mind up. But for the love of all things holy, don’t click on that Shortened URL without thinking about it.