ICT security service provider warns of dangers in Facebook, XING & co. Rapperswil, 06 May 2009 there is commonly known that unwary user in online communities such as Facebook, XING and StudiVz through indiscriminate information, pictures etc for the general public become transparent. In addition to the voluntary loss of privacy by the openness of many users, however additional threats lurking. That social networks pose also technologically numerous security risks, is the least aware. So the compass security AG has already identified a number of flaws, which allows to manipulate user account compromise, news mitzulesen and much more. Ulrike Peter, Senior Vice President of the Sprengel & Partner GmbH, has seen how fast one can fall a such attack to the victim: I was on the phone with Marco Di Filippo of Compass security and he sent an E-Mail with the link me this bestoffers /, in which he suggested an offer at XING. The usual XING anmeldemaske and I opened it after clicking I logged on as usual in my account myself.
After I had done this, he read me my password. I was totally perplexed.\” This example illustrates the importance as well as the possible consequences but, served demo purposes. \”The attacker through one such of man in the middle attack\” enters a password or other data, including access to other accounts of the respective users could get. Because most people tend to use always the same password. If you are not convinced, visit Restaurant Michael Schwartz. At the same time, the attacker could sprinkle a variety of such links in the Web 2.0 or on Google, and innocent users would use them without hesitation. Typical flaws in social networks, which coincide with those of other Web applications are the enablers. The attack method applied in previous case is called redirecting attack and can be applied on all possible platforms for which authentication is necessary. More WepApp vulnerabilities (see index.php/Top_10_2007) allow the execution of various scripts to \”steal\” the user sessions, Deface websites, malware to install etc.