SnapSaved took responsibility for what has been called "The Snappening," where around 70,000 Snapchat photos or videos were shared on an anonymous website. SnapSaved said most of the photos that were exposed came from Swedish, Norwegian and American users.
In a post on its Facebook page, SnapSaved apologized and explained its "dictionary index" database had been hacked.
"As soon as we discovered the breach in our systems, we immediately deleted the entire website and the database associated with it. As far as we can tell, the breach has affected 500MB of images, and 0 personal information from our database," the company stated.
Also according to the SnapSaved post, the hacker's claims that there was sufficient data to create a searchable database of Snapchat images were false.
Third-party applications for Snapchat, Twitter, Facebook and other social media sites can be found throughout Apple's iTunes and Google Apps services.
However, users are often unaware of the risk they're taking when they download an app, even one vetted by big-name vendors, according to John Kindervag, a security analyst at Forrester Research.
Hacks not new, but social media is growing them
Kindervag said three things have contributed to the flood of recent privacy breaches: the fact that security and net neutrality are opposite goals; the rise in popularity of social media; and the poor security that often results from a company assuming bad things happen only outside its network.
"Look at brute-force attacks, those have always been happening. The idea that Snapchat had another proxy involved that saved all their stuff, yeah that has always been happening too," Kindervag said. "Now everyone's upset."
"As I like to say, there are no suburbs on the Internet. We all live in the same bad neighborhood," he added.
Snapchat's biggest failure, Kindervag said, is that it wasn't more closely monitoring the third-party apps using its API. He also said using an encryption algorithm would have made it more difficult to gather the photos in the first place.
"You should always plan for a systemic failure, whether it's one in your network things or someone else's," Kindervag said.
Users, of course, also have a responsibility to understand that once something is uploaded to a cloud service, the risk of exposure greatly increases regardless of whatever security measures are taken.
For their part, users either have to be responsible in the content they create, or understand there are steps they must take to increase the security around the content.
Northeastern's Kirda recommends people use free services such as KeePassX, an open-source password management utility that works with most OSes. KeePassX stores usernames and passwords in an encrypted database, and gives the user the specific password or key file to use on every website they visit with a login.