This entry was posted on Saturday, September 6th, 2008 at 3:44 pm and is filed under General Category. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Facebook botnet risk revealed
|
|
Researchers have created a proof-of-concept application for Facebook that turned the machines of people who added the app to their Facebook page into elements of a botnet that in a demonstration launched denial-of-service attacks on a victim server.
“Social Network Web sites have the ideal properties to become attack platforms,” according to a paper entitled “Antisocial Networks:Turning a Social Network into a Botnet,” that was authored by five researchers from the Institute of Computer Science in Greece and one from the Institute for Infocomm Research in Singapore.
The demo application, called “Photo of the Day,” displays a new photo from National Geographic every day. However, every time someone views the photo, the host computer is forced “to serve a request of 600 Kbytes,” according to the paper.
Such a botnet could be used for other types of attacks, such as spreading malware, scanning computers for open ports, and overriding authentication mechanisms that are based on cookies, the paper warned.
The researchers suggested that Facebook and other social networks be careful in designing their platform and application programming interfaces (APIs) so that there are few interactions between the “social utilities they operate and the rest of the Internet.”
“More precisely, social network providers should be careful with the use of client side technologies, like JavaScript, etc,” the paper says. “A social network operator should provide developers with a strict API, which is capable of giving access to resources only related to the system. Also, every application should run in an isolated environment imposing constraints to prevent the application from interacting with other Internet hosts, which are not participants of the social network. Finally, operators of social networks should invest resources in verifying the applications they host.”
In addition, the apps pose privacy risks as well because of the access they have to the data of the people who add the apps to their pages, the paper says.
Similar privacy and security concerns have been raised by others after previous third-party apps have been found to have security holes in Facebook.
Facebook representatives did not return e-mails seeking comment.
(Via ZDNet’s Zero Day blog and the Dark Reading blog.)
See Also:
- WV Division of Tourism Offers Fall Travel Ideas
- LOGIXML Introduces 64-BIT Support for Logi Info
- Sebasco Harbor Resort Announces Final Call for Entries to ‘Pure Maine Wedding Giveaway’
- DwellGreen’s “Greenest Building in Florida” Wins Four 2008 Aurora Awards for Excellence in High-Performance Building
- Chrome
[Via CNET - News.com]
Leave a Reply
