Saturday, 5 September 2009
Is orkut/facebook safe? -Keerthi's Q.
Keerthi Reddy asked: Is an orkut or facebook is a safe way of communication?
I think this question, particularly about social networking sites, comes to mind only because of it vulnerability, which is obvious or tangible. Otherwise, the same question can be asked about emails or banking or any other website that we log into with/for sensitive personal information.
Lets see problems related to, in view of, social networking sites, which the question originally is for.
1.Hacking into Website UserIds and Passwords
2.Using personal information for Identity Theft and inturn for Financial, Criminal, Medical benefits
3.Using the information for spreading Hate about a community, a religion, a nation, etc
4.Using pictures in the profiles, especially of women, for criminal activities
5.Luring people into fake businesses or relationships
6.Creating fake profiles of celebrities and defaming them
7.Increase in spam mails, mainly increasing the unnecessary storage size at the server of the site
8.Spreading viruses, malware, Trojan Horses and worms.
I think these are the main issues concerned with such networking sites.
Hacking and obtaining userids and passwords are done mostly for Banking sites and thus obtaining information such as bank account number, credit card information, etc. The two most common and effective way of hacking are:
1. Through Keyboard Logger. This is a software that secretly installs in a computer and logs all that is entered through a keyboard by the user and then mailing back the log to the hacker. This software mainly comes as a camouflage, appearing like a JPEG or a ZIP file. While opening this file the software gets installed to our computer and as this is a hidden software we are not aware of it. So be careful and any such suspicious attachment should be discarded.
2.Is through phishing. We normally see some scraps in orkut which says 'click on the below link' or 'copy paste the below link in the browser for more details' etc etc. Or sometimes we get mails which appears as a mail from our bank site, which says that so and so transaction was done in your account, if it is not done by you then inform us immediately to stop any further such transactions. Then it leads us to a site, which actually appears to be bank site and asks us to login with our user id and password. These details once entered are sent via mail or FTP to the hacker and his job is done!
2.Lot of personal information on orkut/facebook or any social networking site can be dangerous. There were cases around the globe where people have used information about others as their own for financial gains, for buying restricted drugs, for posing as others to defer arrest and to get into relationships.
Previously, if we remember, we were able to see scraps of people who were not in our friends list. But due to increase in such cases and a threat to people's identity being misused, a security featured was installed where the user can set preferences as to who all can see his scraps, photos, profile and videos.
3.Just type the word 'Hate' in orkut and as much as 213 results crop up in communities. Many would be like, 'I hate waking up early' but if you search a little more, you will find communities such as I hate India, I hate Pakistan, I hate Americans or I hate Israelis, etc etc. Although Orkut is taking care of banning such hate groups but one or the other show up all the time. These groups spread nothing but hate among people and thus play a very important role in spreading riots and tensions all over the world.
4.There were cases of misusing pictures from profiles, especially of women, when anybody could see the pics of anybody's profile. Security feature has been added by orkut. And I believe other sites too have this feature. The choice most of the times are left on the users whether they want their profile to be public or available only to friends.
5.Every now and then we see a message in our inbox saying, 'Earn 20k per month while sitting at home' blah blah.. and 99% of these cases lure people by saying its a great earning opportunity with only a minimal amount, say 500Rs as investment. And I had a chance to talk to one such person who advertised in the newspaper, and I got to know that the work was to lure some more people into this business and earn from the investment amount they send to us. No product, no services, nothing. It is pure chain marketing that 'begs' money from people and asks them to 'beg' from others.
Another intention, as we had encountered a case in India sometime back, is to start and grow relationships especially with rich and young people, then ask money as a favour. In an extreme case when one such individual couldnot give money, he was murdered in a rage.
6.Sometimes we hear that so and so celebrity has created profile in orkut and thus such profile are flooded with friend requests and traffic. Although many do it to increase traffic on their sites related to the profile while some do just for fun to defame a celebrity.
7 & 8.These are interrelated as increase in spam mails in turn increases spread of viruses and this in turn increases unethical hackers which in turn increases fraud and crimes.
So, if all such things can happen, why are people still using it without fear?
Although we normally dont hear much of such cyber crimes, it is definitely rising. And only next to pornography are cyber crimes such as hacking and tempering with confidential documents and identity theft, etc.
However, to answer your questions in a sentence, I would say it is pretty safe to use orkut/facebook or any social networking site as a matter of fact, if we know what we are clicking and whom we are talking to.
Not everybody can hack so easily and when it comes to hacking a google account it is even more difficult as these use a four level login procedure. Some simple tips will protect you:
Login using only Orkut site and not through any other link.
Never click on links sent through scraps or message, as they are phishing sites, not even it they say orkut tips and tricks.
Never disclose login details to anyone.
Never "talk" to strangers.
Do not install any suspicious attachments.
Never use Remember Me option on shared computers.
Always Logout when closing sessions.
I am not sure if anybody is aware of it, but there are two ways of transferring data on net, one is HTTP and other is HTTPS. Altough Orkut uses HTTP, but we have an option of using HTTPS for Gmail account. Whats the difference? HTTPS is a secured way of transferring data, i.e it encrypts the data before it is sent 'on air', thus making it a lot safer while communicating.
Its simple...Open your gmail account, goto settings and check the option: Always use HTTPS and save. See that your browser address details will change to HTTPS. I have read this once in newspaper and changed mine since then.
Hope this article was useful.
A few words before closing:
Orkut/Facebook are revolutionary web services that have brought old friends together, that have given a voice to the common man, that have brought similar minded people together. Lets use it wisely. Although it is necessary to be 18 to use orkut ( think 13 for facebook), a lot of users are below 18 who use it. Parental guidance is necessary and helpful to stop being a victim of cyber crime.
P.S. One of the source of information, a friend, Krishna, a certified ethical hacker, a wannabe cyber crime inspector.
Please visit the blog spot 'http://tipstoprotectoneselffromhackers.blogspot.com/', a newly created one, for more information on hacking. We will be updating it regularly especially about hacking.