Not at all surprised to read about Facebook's source code leaking into the public domain (see this report in New Scientist). As we have argued before, sites like these are hackers' paradises: there are far more mathematicians outside the fence than inside it. NewSci makes the same points well and also quotes our favourite cryptoguru Bruce Schneier, so even if you don't believe us....
Anyway, to quote NewSci:
The reason the leak is concerning is that, by studying the leaked code, a canny computer hacker might be able to figure out some critical security vulnerabilities and thus gain access to tonnes of personal information.
Having the source code is not the same as finding a vulnerability, however, so I don't think there's much cause for alarm right now. On the other hand, the story raises two important and worrying issues.
The first is that social networks place an awful lot of personal information in one location, raising the risk of identity theft - as several security experts have already warned.
The second point, which is connected to the first, is that social networking services are becoming an ever more enticing target for computer hackers. Only last week we ran a story about a computer expert cracking into MySpace accounts.
Eggs, basket and all that...
Increasingly, when we think about Identity (being the paranoid people we are) we like to think of it as dispersed, hidden and hardened against attack. I was asked to talk at Mobile Monday last week on the issue of mobile identity, and noted we could call our approach the "Voldemort Horcrux Gambit". That seems to have gone down quite well judging by the comments I got afterwards, so we offer it as an analogy here for you, gentle readers.
From Wikipedia:
A Horcrux is a "receptacle in which a Dark wizard has hidden a part of his soul for the purposes of attaining immortality." With part of a wizard's soul thus stored, the wizard becomes immortal so long as the Horcrux remains intact, typically hidden away in a safe location. If the wizard's body is destroyed, part of the soul remains preserved within the Horcrux.
Words like Intact, Safe and Hidden are to the point here. Furthermore...
There is no apparent restriction on the nature of the items that can be made into a Horcrux. Inanimate objects are usually used, but a living organism can also be made into a Horcrux. There also seems to be no limit on the number of Horcruxes a wizard can create. However, as the person's soul is divided into progressively smaller portions, he loses more of his natural humanity and his soul becomes increasingly unstable.
In that respect they behave much like federated identities: spreading the pieces across more holders means a single breach exposes less, but every extra fragment is one more thing that has to be kept intact, safe and hidden. Voldemort believed 7 was the magic number but inadvertently made 8 (and look where that got him). And finally, a salutary lesson:
In his arrogance, Voldemort dropped subtle hints about having created Horcruxes to his followers. Having overheard one such boast, Regulus Black guessed correctly that Salazar Slytherin's locket was a Horcrux and sacrificed his life to retrieve it.
Now, one may think that this is only relevant to Evil Wizards, Corporates and other mobsters with a need for high security, but people would do well to think about the rise in (i) ordinary consumer identity fraud and (ii) the number of "lapses" like the Facebook one that have already occurred.
So, can we offer probably the best bit of free consulting advice you will ever get this side of 2010 - if you are ever tempted to "let it all hang out" on Facebook or whatever - don't. Build your own Horcruxii instead.
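To make the "dispersed and hidden" idea above concrete, here is an added illustration (not code from the original post): a secret such as the master key protecting an identity wallet is split into n fragments using Shamir's threshold scheme, any k of which rebuild it, while any k-1 are consistent with every possible value of the secret. The arithmetic over the prime field GF(2**127 - 1), the seven-holder/three-to-rebuild split and the example secret are assumptions made for the demonstration; the trade-off the post describes shows up directly, since more holders mean fewer eggs in any one basket but more fragments to keep intact.

```python
"""Threshold secret sharing as a concrete "Horcrux" (added example, not the
blog author's code). Assumes Shamir's scheme over the prime field
GF(2**127 - 1); the share holders and the secret below are constructed."""
import secrets

PRIME = 2**127 - 1  # Mersenne prime; the secret must be smaller than this


def _interpolate(points, x):
    """Lagrange interpolation mod PRIME: evaluate at x the unique polynomial
    of degree len(points)-1 passing through every (x_i, y_i) in points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split_secret(secret, n, k):
    """Return n shares (x, y) of secret; any k of them reconstruct it."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares, k):
    """Rebuild the secret from at least k shares with distinct x values."""
    distinct = list({x: (x, y) for x, y in shares}.values())
    if len(distinct) < k:
        raise ValueError("not enough distinct shares")
    return _interpolate(distinct[:k], 0)  # the secret is the constant term


def forge_missing_share(partial_shares, candidate_secret, x_missing, k):
    """With only k-1 shares in hand, every candidate secret is equally
    plausible: return the value share x_missing would need for
    candidate_secret to be the answer. This always succeeds, so k-1 leaked
    fragments tell an attacker nothing about the real secret."""
    if len(partial_shares) != k - 1:
        raise ValueError("pass exactly k-1 shares")
    return _interpolate(partial_shares + [(0, candidate_secret)], x_missing)


if __name__ == "__main__":
    master_key = secrets.randbelow(PRIME)        # constructed example secret
    shares = split_secret(master_key, n=7, k=3)  # seven holders, three rebuild
    assert recover_secret(shares[2:5], 3) == master_key
    leaked = shares[:2]                          # two fragments lost in a breach
    y = forge_missing_share(leaked, 12345, 3, k=3)
    assert recover_secret(leaked + [(3, y)], 3) == 12345
    print("any 3 of 7 rebuild the key; 2 alone fit any value you like")
```

Note that `pow(den, -1, PRIME)` needs Python 3.8 or later. The `forge_missing_share` call is the point of the exercise: a thief holding two of the seven fragments can make them "prove" any key at all, which is exactly why a leak of one basket is survivable. The flip side, as with Voldemort's boasting, is that the holders and the threshold must themselves stay secret and the fragments must all still be reachable when they are needed.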
Meg Pickard has done rather a good job of explaining the problems of "friends" on social networks over here. Meg has focussed on Facebook (how surprising), but it is true for any social network site. To quote: For example, at present on Facebook, I ha
Tracked: Aug 23, 10:29