In the wake of a high-profile (though harmless) cross-site scripting attack launched from Twitter.com’s Web site, the New York Times is sponsoring a debate about the security of online social networks that offers some harsh criticism of the microblogging site.
The Gray Lady pulled together top names from industry and academia to weigh in on the implications of recent attacks, including Tuesday’s compromise of Twitter’s Web site, which may have affected more than half a million Twitter users. In a series of op-eds, experts questioned everything from the popular site’s internal management to the shaky technology foundations of the Web itself.
Participants included top-tier opinion makers from the anti-malware industry, including Graham Cluley, security consultant and blogger extraordinaire at Sophos, and F-Secure’s Mikko Hyppönen, neither of whom was sanguine about the likelihood of eliminating future attacks; both offered mostly practical advice to Twitter (i.e., patch your Web site and don’t allow JavaScript in tweets).
Other contributors took a darker view of the mostly harmless attack. In an op-ed titled “Worse than you think,” Ron Deibert of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs said the larger story behind the explosion of online “hypermedia” was a loss of privacy and security.
“A largely hidden and massively exploding ecosystem is parasitically thriving off of our insecure data-sharing practices, and vulnerable browsers, servers and Web sites. The perpetrators range from criminals and click fraud artists to sinister agents of corporate and political espionage. Malware and denial-of-service attacks on human rights and opposition groups are increasingly de rigueur for repressive regimes,” he wrote.
Deibert, whose Citizen Lab helped uncover GhostNet, an online spying network targeted at the Tibetan Government in Exile, warned that “we are heading into a perfect storm of insecurity and exploitation the causes of which are connected to vast and powerful global forces.”
“Perfect Storm” was a commonly used theme. Steven M. Bellovin, a professor of computer science at Columbia University, reached for the same Jungerian metaphor to describe the special circumstances of social network security risk factors: “new designs and code, user input, and lots of connectivity.”
“This doesn’t mean one needs to avoid such services. However, at the moment they are probably more fertile grounds for nastiness,” Bellovin wrote.
Check out the rest of the debate online at the Times’s Web site: https://www.nytimes.com/roomfordebate/2010/09/22/the-buried-threats-in-that-tweet