Joe Gottlieb, the CEO of the security firm Sensage, describes the ways in which social networks "automate" trust online in ways that are unpredictable. Simply "liking" or "friending" someone, Gottlieb told the security blog Threatpost, creates "automated associations that lead to exposure of both good and bad social interactions." Social networks like Facebook or Twitter assume that, by taking those actions, you are prepared for all of the consequences, but that is hardly ever the case. And once the connection is made, the implicit trust becomes a dangerous security exposure, lowering the target's defenses against attack.
Richard Bejtlich, Chief Security Officer, Mandiant
The Petraeus affair is a good example of this. After all, the General was not the target of the FBI investigation; his surreptitious e-mail ties to Broadwell made him collateral damage in a case that began with anonymous exchanges between a jealous lover (his) and a well-connected Tampa, Florida socialite. This was no Robert Hanssen making dead drops of classified information for the KGB in D.C. parks: General Petraeus's offense was sending saucy e-mails to his biographer and paramour, herself an Army intelligence officer. Should he be fired, or sent to couples therapy?
Richard Bejtlich, the Chief Security Officer at the firm Mandiant, said that the circumstances of the case are unusual. Still, it is illustrative of the ways in which organizations, even intensely security-conscious ones like the CIA, have allowed the barriers between personal activity and work-related activity to erode. Bejtlich, whose company helps organizations understand cyber incidents and defend against them, said that the advent of web-based e-mail, social networks and mobile devices like iPhones and iPads has brought about an erosion of policies that required employees to segregate work-related and non-work-related online activity.
E-mail may not be sexy anymore, but it is still an information gold mine for attackers and criminal investigators alike, Bejtlich said. An individual user's e-mail spool might contain thousands or tens of thousands of messages, including user names, passwords, account information and a useful social graph.
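As an added illustration of what such a spool gives up (example code written for this page, not from the article or from Mandiant), the following Python script parses a standard mbox file with the standard library, builds the sender-to-recipient social graph from the headers, and flags credential-looking strings in message bodies. The three messages, the addresses and the "password"/"account" values are constructed for the example; the regular expression is deliberately simple, and a real investigation would use a broader pattern set.

```python
"""Mine a mail spool for its social graph and credential-bearing messages.

Added example, not code from the Threatpost article or from Mandiant. It
shows the kind of information an attacker or investigator can pull out of a
single user's mailbox. The sample messages below are constructed inline and
every name, address and secret in them is invented.
"""
import mailbox
import os
import re
import tempfile
from collections import Counter
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample spool: (From, To, Subject, body) for three short messages.
SAMPLE_MESSAGES = [
    ("alice@example.org", "bob@example.org", "lunch", "See you at noon."),
    ("bob@example.org", "alice@example.org, carol@corp.example", "re: lunch",
     "Sure. By the way the VPN password: Winter2012! and the portal user is bobk."),
    ("carol@corp.example", "alice@example.org", "report",
     "Draft attached. Account: 4417-2231 is the one to use."),
]

# Credential-looking text: a label followed by ':' or '=' and a value.
# Hypothetical, minimal pattern chosen for the example.
CREDENTIAL_RE = re.compile(
    r"\b(password|passwd|pwd|user(?:name)?|login|account)\b\s*[:=]\s*(\S+)",
    re.IGNORECASE,
)


def build_sample_mbox(path: str) -> None:
    """Write the constructed messages to an mbox file at `path`."""
    box = mailbox.mbox(path)
    try:
        for sender, to, subject, body in SAMPLE_MESSAGES:
            msg = EmailMessage()
            msg["From"] = sender
            msg["To"] = to
            msg["Subject"] = subject
            msg.set_content(body)
            box.add(msg)
        box.flush()
    finally:
        box.close()


def _body_text(msg) -> str:
    """Return the decoded text/plain content of a parsed message."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    chunks = []
    for part in parts:
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def mine_spool(path: str) -> dict:
    """Extract the social graph and credential hits from the mbox at `path`.

    Returns a dict with:
      edges       - {(sender, recipient): message count}
      contacts    - {address: number of headers it appears in}
      credentials - [(subject, label, value)] for credential-looking body text
    """
    edges = Counter()
    contacts = Counter()
    credential_hits = []
    box = mailbox.mbox(path)
    try:
        for msg in box:
            senders = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
            recipients = [a.lower() for _, a in
                          getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
            for addr in senders + recipients:
                contacts[addr] += 1
            for s in senders:
                for r in recipients:
                    edges[(s, r)] += 1
            for m in CREDENTIAL_RE.finditer(_body_text(msg)):
                credential_hits.append((msg.get("Subject", ""), m.group(1).lower(), m.group(2)))
    finally:
        box.close()
    return {"edges": dict(edges), "contacts": dict(contacts), "credentials": credential_hits}


def demo() -> dict:
    """Write the constructed spool to a temporary file and mine it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "user.mbox")
        build_sample_mbox(path)
        return mine_spool(path)


if __name__ == "__main__":
    result = demo()
    print("most frequent contacts:", Counter(result["contacts"]).most_common(3))
    for (sender, recipient), n in sorted(result["edges"].items()):
        print(f"{sender} -> {recipient}: {n} message(s)")
    for subject, label, value in result["credentials"]:
        print(f"credential-looking text in '{subject}': {label}={value}")
```

Run against a real spool by calling `mine_spool("/path/to/user.mbox")`; the edge counts alone reconstruct who the user talks to and how often, which is the "social graph" Bejtlich refers to, before a single body is read.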