USA Today published a great article on Monday about search engines now beginning to index various types of social media. Bad guys now have even more ways to correlate information, and with less of our lives being private (albeit by choice), those stupid security things we do become even more relevant.
Last month’s Herding Cats tackled Privacy, and specifically the expectation of privacy for future generations. Social media addicts have the ability to tell the world exactly where they are, what they are doing, and show them visual or auditory evidence by posting geo-tagged videos or audio. Now add in a near real-time index of this stuff, and you can see how much more powerful (and scary) social media gets.
If you’ve never Googled yourself, give it a try some day. If you use social media, you might be surprised what comes back.
Now consider what happens when malicious content published via social media shows up in search results. Google tries to protect users by flagging content it indexes as unsafe. In fact, doing some searches will show you tons of old WordPress installations that have been compromised and are still poisoned in some regards. But what happens if hackers start (or hack) a Twitter account that references links that attack users when clicked? Google could now index that, and a simple search on events in Dallas might yield poisoned links.
While indexers will do what they can to protect users, spammers and hackers are creative, and will be continually evolving their attacks to get their content on top of results.
There are no real solutions here, which is the disappointing part. This is yet another example of the challenges security professionals face as social media becomes more critical to companies and their outreach to their customers.