Computer security researchers on Thursday warned that online social networking websites are playgrounds for hackers who can easily take advantage of people's trust. Opportunities for mischief abound as users place intimate details of their lives on profile pages and install mini-applications made by strangers that don't always have their privacy at heart. In a trend pioneered with tremendous success by Facebook, social networking websites have opened their operating platforms to let outside developers craft fun, hip, or functional software "widgets" that can be added to profile pages.
Malicious code can be hidden in such applications, computer security specialists Nathan Hamiel and Shawn Moyer said at a premier Black Hat conference in Las Vegas.
"I can't necessarily attack Facebook or MySpace, but I can attack their users all day long," Moyer told AFP.
"Don't put anything on a Facebook account that you don't consider public." People are prone to place faith in social networking widgets and links from friends, said Idea Information Security consultant Nathan Hamiel.
"People are going nuts adding applications they don't need," Hamiel told AFP.
"Every time they do that they are showing an implicit trust in whoever wrote the application, and most people don't know who that is."
Hamiel and Moyer showed peers software capable of plundering profile information, swiping people's "friends," or locking people out of their own MySpace pages.
A pair of MySpace engineers who attended the demonstration said that hacks are known risks in today's social platforms and that they had Hamiel's application deleted by the end of the talk.
Fake postings on comment boards advising people to update software are ways to trick social network users into downloading malicious software that can commandeer control of machines, Hamiel said. "Social networks really don't care if you get pawned or not," Hamiel said, using slang referring to a computer user being dominated and humiliated by hackers.