LinuxSecurity.com 		Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: March 20th, 2010
Linux Security Week: March 16th, 2010
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Defenses lacking at social network sites Print E-mail
User Rating:      How can I rate this item?
Source: SecurityFocus - Posted by David Isecke   
Network Security Services like LiveJournal and Tribe are poised to be the next big thing on the Web in 2004, but their security and privacy practices are more like 1997. Brad Fitzpatrick is president of LiveJournal.com, a social discovery Web site where over 1.5 million users post diary entries they want to share with friends. Although members post extremely sensitive information in their journals -- everything from their plans to commit suicide or sabotage their boss to their latest sexual adventures -- Fitzpatrick admits that security on his site isn't a priority. . . . Services like LiveJournal and Tribe are poised to be the next big thing on the Web in 2004, but their security and privacy practices are more like 1997. Brad Fitzpatrick is president of LiveJournal.com, a social discovery Web site where over 1.5 million users post diary entries they want to share with friends. Although members post extremely sensitive information in their journals -- everything from their plans to commit suicide or sabotage their boss to their latest sexual adventures -- Fitzpatrick admits that security on his site isn't a priority.

On the initial login page, LiveJournal members send their passwords in the clear. "We're hoping to change that in the next month," Fitzpatrick said. "But site performance is our highest priority, and SSL is a pain."

Jack (not his real name) is an LJ user whose account was compromised. He isn't sure how it happened, but one day he logged in and discovered a huge portion of his journal entries had been deleted. The attacker didn't stop there -- she or he also plundered his friends' "locked" entries (visible only to other friends) and reposted extremely private exchanges as public entries in Jack's journal. Although he quickly changed his password and fixed the problem, the damage was done. "My friends were really upset and the bad feelings persist," he said. One friend feared that she might lose her job when a private entry about problems with her supervisor was made public on Jack's journal. "It's still cached on Google," he explained, "although it would probably be hard for most people to find unless they knew all the details."

Read this full article at SecurityFocus

Only registered users can write comments.
Please login or register.

Powered by AkoComment!
 
< Prev   Next >
    
Partner:

 
Latest Features
Vulnerabilities in Web Applications
A Secure Nagios Server
HowTo: Secure your Ubuntu Apache Web Server
Creating Snort Rules with EnGarde
What You Need to Know About Linux Rootkits.
Introduction: Buffer Overflow Vulnerabilities
Network Security Audit (Part II)
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2010 Guardian Digital, Inc. All rights reserved.