Are there any tools to prevent our social networking accounts like Facebook from being hacked and hijacked?
Davey Winder, one of SearchSecurity.co.UK's resident security experts, is standing by to answer your questions. Send in your questions via email today. (All questions are treated as anonymous.)
To prevent social networking account hijacking, you must first understand the security issues that can make your organisation’s social networking accounts vulnerable. Brute-force password hacking and snooping are common attacks against social networking accounts, so it’s important to implement a strong password policy to prevent simple brute forcing of the account, and always connect via a secure HTTPS connection to prevent snooping by attackers who may be using tools such as Firesheep.
A bigger problem, and one that can be harder to combat given the propensity for Facebook users to play social games (despite such games being forbidden in their organisation’s Acceptable Use Policy), is malicious code injection. Whether it arrives through indiscriminate link-clicking or rogue app execution, a malicious code injection attempt should be detected and blocked by your existing antimalware defence tools. Additionally, there are Twitter and Facebook security tools, such as F-Secure Corporation’s ShareSafe and Barracuda Networks Inc.’s Profile Protector, that can scan and warn of malicious links. Another option is Websense Inc.’s Defensio, which will filter inappropriate links and profanity from comments on a Facebook wall, and also delete malicious code.
Facebook has teamed up with Websense to prevent Facebook hacking. They have introduced a malicious link checker powered by the Websense Threatseeker Cloud, which warns users if any link they click on is potentially dangerous.
For Twitter, the 140-character posting limit means URL shorteners, employed to save valuable space, can also disguise the real intent of a malicious link. It’s worth considering a link expander utility such as Sucuri or LongURL to reveal the real destination along with additional information about the content of the destination link.
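What a link expander does under the hood, as an added example that is not code from the article or from any of the tools it names: it follows the redirect chain with HEAD requests, without rendering anything, and reports the final host. The hop limit, the function names and the `.example` redirect table are assumptions made for this sketch.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed sample redirect table (reserved .example names) so the demo runs offline.
SAMPLE_REDIRECTS = {
    "https://short.example/abc": "https://tracker.example/r?id=1",
    "https://tracker.example/r?id=1": "http://landing.example/offer",
    "https://short.example/loop": "/loop",  # relative Location pointing at itself
}

def sample_fetch(url):
    return SAMPLE_REDIRECTS.get(url)

def head_location(url):
    """Live fetcher: one HEAD request, returns the Location header or None."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        conn.request("HEAD", (parts.path or "/") + ("?" + parts.query if parts.query else ""))
        resp = conn.getresponse()
        return resp.getheader("Location") if resp.status in (301, 302, 303, 307, 308) else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=10):  # hop limit is an assumed value
    """Follow redirects one hop at a time; return (chain, status)."""
    chain = [url]
    while True:
        location = fetch(chain[-1])
        if location is None:
            return chain, "resolved"
        target = urljoin(chain[-1], location)  # Location may be relative
        if urlsplit(target).scheme not in ("http", "https"):
            return chain + [target], "non-http-target"
        if target in chain:
            return chain + [target], "loop"
        if len(chain) > max_hops:
            return chain, "too-many-hops"
        chain.append(target)

def summarize(url, fetch=head_location):
    """Final host, hop count, and whether any hop dropped from HTTPS to HTTP."""
    chain, status = expand(url, fetch)
    schemes = [urlsplit(u).scheme for u in chain]
    downgrade = any(a == "https" and b == "http" for a, b in zip(schemes, schemes[1:]))
    return {"final_host": urlsplit(chain[-1]).hostname, "hops": len(chain) - 1,
            "status": status, "https_downgrade": downgrade}

if __name__ == "__main__":
    print(summarize("https://short.example/abc", fetch=sample_fetch))
```

The `https_downgrade` flag ties back to the earlier advice on HTTPS: a short link that starts on HTTPS can still land the user on a plain HTTP page.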
This was first published in March 2012