There has been much concern over the security and privacy of social networking sites. Much of the flak has been directed at the sites themselves. But a study run by security company Sophos showed, once again, that the real security hole, lies in users.
By creating a fake ID around a green frog name "Freddi Staur" (which is an anagram of ID Fraudster), and inviting 200 real users to be its friend, Sophos showed just how easy it is to get private info.
Without any "hacking" whatsoever, the tub toy
managed to acquire a treasure trove of personal data. About 73 people
were willing to post their birthday, while others willingly included
places of birth, employers' names and addresses, photographs of family
and friends, work resumes, and in at least one instance, the user's
mother's maiden name.
All this in response to a request from
something who obviously had no real identity of its own (its name is
actually an anagram for "ID Fraudster") and offered zero information --
real or imaginary -- about itself.
Yesterday, source code for Facebook's homepage was leaked to the Internet. This understandably raised alarm bells, but really - it seems the real worry perhaps should be about Facebook users themselves moreso than hackers.