Research shows dangers of user-generated content


Warwick Ashford

Hackers are exploiting user-generated content features of social media websites, a study has revealed.

The technique is highlighted in Imperva's latest hacker intelligence report by researchers who deconstructed a recent successful attack on MilitarySingles.com.

In March 2012, Lulzsec hackers attacked the site and disclosed sensitive information on more than 170,000 members.

“Social networking, user-generated content and PHP-based applications are prevalent on the web, but this report gives pause to consider how easily sensitive personal information can be accessed through these channels,” said Amichai Shulman, chief technology officer at Imperva.

Many social media sites run PHP, a web development language common to more than 75% of websites. This makes them vulnerable to remote and local file inclusion attacks, which can be launched from user-generated uploads.

“The attack on MilitarySingles.com highlights the need for government and military personnel to have special policies regarding social networking, to prevent their information from being easily accessed and manipulated,” said Shulman.

Imperva believes more than 90% of the MilitarySingles.com passwords were cracked in 9 hours. This points to a need to encrypt passwords to prevent future breaches, the company said.

The findings of the research call into question whether it is appropriate for military and government employees with links to sensitive information to participate in social networking websites, said Shulman.

"The findings suggest new public security policies may be required to prevent future breaches," he said.

