Most of the discussion on “opening up to social networking” seems to focus on the simplistic problem of allowing access from work or blocking it. That’s an easy one – businesses and government agencies will allow access, generally sooner rather than later. The real issue is what security controls need to be added to make sure that use of those sites is safe enough for business use – because by themselves, they are not safe enough for business use.
A piece in NetworkWorld on major cross-site vulnerabilities in Facebook and MySpace points this out. The business model behind social networking sites is to put ads in front of users and to get high prices for those ads by making sure they are targeted to match users’ behavior and profiles. There is a built-in incentive to gather information on users and make it available to third parties – a perfect breeding ground for cross-domain leakage problems.
Now, those sites also have a built-in incentive to have loyal users, so they can’t completely lose the trust of users. However, growing ad revenue 20% will always trump temporarily slowing user growth because of data exposure incidents – but if your customer’s data has been exposed through one of those events, the costs to your business will continue for a long time. Especially if you are relying on the “we assumed they were responsible users – we told them not to do that” approach.
John Pescatore

1 response so far ↓
1 Scott Olson November 9, 2009 at 1:38 pm
Good post John. This problem was highlighted further by Zynga’s decision to pull their FishVille game from Facebook. They simply had too many scams in their in-game offers. Zynga is one of the powerhouse game providers to Facebook and their action here is a signal of the problems with the architecture Facebook has in place.
The social sites are going to have to take a more aggressive stance with this, however, not because of user growth, but because of the loss of user confidence in the primary supplier of their revenue.
These companies know all too well how news can go viral and are experiencing the flip side of this right now. Ultimately, you’re right. There needs to be significantly more security implemented in the architecture of these sites and endpoint security needs to be improved to meet these threats.