Social Networks Mayhem
Recently I stumbled upon the following video. It is nothing but an example of what we, as security professionals, are up against. You see, web application security affects nearly everybody.
This video does not really show the security aspects of social networks, but it does a pretty good job of showing, in a very dramatic way, how social networks could affect your life, your social life if you like. All these social networks can be fun, but be very careful with your activities, because you may leak sensitive information that can be used for all sorts of things, for example identity theft.
If someone steals your identity, there is not much you can do about it. I am not talking about someone stealing your credit card number and making dozens of on-line purchases on your behalf. No! I am talking about the future human chameleons with cyber-enhanced capabilities.
In my mind, a cyber chameleon is a person who replicates identities. We all know that we, as humans, are highly predictable. There are a lot of patterns around our lives. If someone adopts these patterns, will they be able to replace anyone of their choice?
This conversation is philosophical rather than web-security oriented, but believe it or not, sooner or later we are going to have to deal with it, because it is indirectly related to security, web security. One of the ways to steal someone’s identity is to make sure that electronically you have all the characteristics of that person.
What could I tell ya? Computers never lie, kid. Hackers
So you see, computers are involved to a great extent because the data they store can be easily modified, sometimes without authorization. That of course is not applicable to public records/archives, where everything is kept on paper and once someone makes a change they cannot guarantee that all records are successfully updated.
All it takes for someone to steal someone else’s identity is to jump right on any social network and start looking for a profile they can easily adopt. Once the target is selected, the rest follows. At some point, the attacker would probably reach the stage where they need to gain control over the account, through XSS and CSRF, and from that point on take full advantage of the newly acquired identity. The more information you have on-line about yourself, the easier it will be for someone to do exactly that.
You may think that you can just as easily open another account and start from scratch, but think about the people that you’ve interacted with all that time. One of the cool aspects of social networks, and I guess this is the main reason for their popularity, is that they connect people who have similar interests and who are usually fond of each other. However, it is not that often that people from these social circles know the rest of the group in person. Behind the keyboard of your hero you may find someone you would not like to mess with: serial killers, paedophiles, perverts, cyber criminals. In the case of the latter, you are dealing with someone who knows how to manipulate information for their own benefit. Even if you feel obligated to inform others about what has happened to you, who do you think would listen? In the cyber world you are nothing but a username/password entry in someone’s gigantic database. These two pieces of information define who you are.
People are getting so involved in these social networks that everything seems to be chaotic around this area. In the past, cyber criminals were interested in compromising web e-mail accounts. Today, they are interested in getting into your blog, your space and in general your social life. The more they know about you, the easier it will be.. or.. the more they know about you, the easier it will be for them to target others.
I will wrap up this post, which could virtually expand into a book of its own, with the following quote:
Kid, don’t threaten me. There are worse things than death and I could do all of them. Hackers
Comments
Very interesting topic, you can almost watch people without even talking to them, their friends talk about a movie they've seen together and you can ask why you weren't invited and they don't know how you knew they went hehe, social engineering is pretty bad these days, almost comes under phishing/pharming.
Good quotes also :)
//numk