Just a few short days ago I read the announcement that Microsoft announced a new relationship with the social networking services Twitter and Facebook. The relationship was created to enable users of Xbox Live to access their profiles and post photos to their Facebook accounts and allow Twitter users to post and read messages – all from the comfort of their televisions and game consoles.
Some readers may wonder if Microsoft is simply falling in lock-step with the social networking movement. Actually, it makes sense when you consider that in October of 2007 Microsoft purchased a 1.6% equity stake in Facebook for $240M. So, in the case of the Facebook relationship, this move supports Microsoft’s previous investment by connecting their platform to the already 200M+ existing Facebook users – further supporting Facebook’s dominance in the social networking space. Regarding Twitter, well, Microsoft interfacing with Twitter is interesting because this is an equally interesting time for Twitter with rampant reports (some from the rumor-mill) of potential acquisitions from Yahoo, Apple, Facebook and Google. Twitter clearly represents the world of instant notification and gratification – from individuals to complete groups of followers. According to Nielsen Online, Twitter has grown 1382% in 2008 – definitely a tantalizing company to acquire – with the right monetization strategy.
I would be remiss in my duties if I didn’t balance out this blog post with a perspective from “the other side of the fence” – the caveats (or at least, what to be aware of). As we interconnect more services, we also increase the entry points to those services. From a security perspective, those are viewed as either realized or potential threat vectors. For instance, if an Xbox Live account is hacked, does that now expose the associated Facebook and Twitter accounts as well or is there a separate method to access these accounts (which could make the whole proposition quite cumbersome)?
The following is a short list of best-practices and are some of the surest ways to keep your account from being accessed by someone:
- The Xbox Live team has a page that lays out some of the best ways to protect your account: http://www.xbox.com/en-US/live/accountsecurity.htm
- Beware of phishes (fake emails asking for credentials) – quite simply, you won’t receive email from a legitimate source asking for your credentials
- Even when in IM/chat sessions, beware of links that are posted – especially when they are unsolicited. Many links to malicious sites today can “push” malware on a PC without even asking the user to download and install it. Watch where you browse!
- Use proactive anti-malware (anti-virus) software. Signature-based products can’t scale with the frequency of distribution of new worms, viruses, root-kits, etc.
- Using “cracked” or pirated software opens the user to the potential for malicious software – since it’s not coming from a reliable/trusted source.
In the book “Exploiting Online Games” by Greg Hoglund and Gary McGraw, the authors state, “Microsoft reports that gaming is the third most common activity on its platforms, just after browsing the Web and reading e-mail”. In addition, Major Nelson, Xbox Live manager, recently “tweeted” that Xbox Live now has over 20 million subscribers. With the push for ubiquitous connectivity to the social fabric of the Internet, providing another interface (besides PCs and mobile devices) means that millions more users are now able to leverage another platform to stay connected to their ever-growing web of social networks.
Jeff Debrosse, CSSA
Author ESET Research, We Live Security