By Julie Joyce
With social media marketing becoming a popular way for individuals and companies to increase their online presence, it's critical for everyone to be aware of the security vulnerabilities that are intrinsic to the public sharing of information in this type of format. US-CERT, the Department of Homeland Security's cyber-security watchdogs, recently issued warnings for anyone using Internet Explorer in conjunction with Aurigma's ImageUploader, which is the image uploader that is being used on Facebook and MySpace. The warning was extended to cover Yahoo's MediaGrid ActiveX control and the Datagrid ActiveX control, among others.
Here's the issue according to US-CERT: "By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system."
Apparently no massive public exploitation has taken place YET with these vulnerabilities...but the group is still calling for users to disable their ActiveX controls to make their internet activities safer. These warnings follow ones issued when it was determined that certain Facebook features and MySpace banner ads were laced with malware such as spyware and adware.
With the masses flocking to use social media sites, it's inevitable that they would become a target. While individuals can easily be affected by malicious programming through a site such as MySpace or Facebook, we also need to consider how this could affect the companies that we, as SEOs, are marketing in this manner...because it's one thing to accidentally welcome a virus onto your laptop, but it's quite another to invite one into a company's internal network. If you're setting up something like this for a client to use, you might want to do a bit of training on how not to fall into a nasty trap. People tend to feel very secure and insulated when using social media applications, for some reason. It's like one big family...or so they think. Even people who aren't savvy internet users can easily sign up and create profiles here, so all it takes is one clueless secretary (or my mother) to bring a major corporate network to its knees, if I may be extreme for a moment.
Obviously this is more of an internet security issue than a simple SEO issue. However, if you're recommending this type of marketing to a client, it should come with warnings on how to treat it properly. Once security flaws such as the ones in the image uploader are discovered, patches and new versions are quick to come out on the market BUT not everyone updates, and not everyone makes it their mission to find out whether or not their systems are vulnerable. The minute patches and new software versions come out, you can rest assured that someone will find something new to exploit, too.
Let's look back at the MySpace security issues that came to the public's attention back in January 2008.
Rigged MySpace profiles contained what appeared to be Microsoft security patches that popped up when a user attempted to view the profile. The unsuspecting users who downloaded this "patch" ended up opening a backdoor that allowed for the downloading of remote control tools, trojans, and more downloaders. If you think this type of thing would never happen to you, consider how many times you've accepted a friend request and viewed someone's profile. If a security alert popped up and you weren't thinking clearly for whatever reason, you could be in serious trouble. Maybe YOU are smart enough not to do that, but think of the general public...they're click happy.
Let's not forget about Twitter either, since it's quickly becoming a platform used by tons of people who want to keep others informed about their every thought and move. How easy would it be to set up a bogus profile, attract a few thousand followers, and send out a URL that, when clicked on, loads malware onto someone's system? Pretty easy, most likely.
So what can you do to keep your social media systems safe? For starters, you can begin to think of your online community in the same way that you think of your offline community. Most likely you don't tend to open your door to a complete stranger who rings your bell, so treat online "friends" with the same level of suspicion until you're convinced about their safety level. If you're using certain social media platforms like Facebook or MySpace, read up on the latest security issues associated with them, and by all means install the updates and patches. If you are recommending this type of marketing to someone else, whether it be a friend or a client, please temper your enthusiastic recommendation with a plea for caution. Common sense is not as common as we'd like to believe, but keep in mind that just because a system is fun and easy to use does not mean that it's totally safe, ever.