ShmooCon: Inside FarmVille's Sinister Underbelly


"Facebook has 350 million users with 12 million logging in daily. Twitter is getting 6.2 million new users a month. The target base keeps growing," said Eston, a penetration tester for a Fortune 500 financial services organization.

In one of their more colorful examples, the trio explained how actress Jessica Biel is the most dangerous woman on the Internet because of all the fake profiles of her scattered throughout the social networking landscape.

People on Twitter are easily duped into thinking Biel is following them. The Facebook folks proudly count her among their friends, not realizing the page is really under the control of a malicious operator who wants you to click on malicious links on the page.

Then there's Blippy, a social network billed as a "fun and easy way to see and discuss the things people are buying." The presenters noted that penetration testers absolutely love this platform because of the naked insight it offers into the spending habits of specific individuals. They also shared a favorite quote making its way around the infosec community: "I joined Blippy and all I got was jacked at the ATM."

Another example is Foursquare, a social networking program that lets you keep track of where your friends are, literally. If someone in your network is in South Korea or in front of the Alamo in Texas, Foursquare will tell you so. Want to use it on your iPhone? There's an app for that. And for BlackBerries, too.