Exploring Social Media: Security and Monocultures

Filed as Features on March 12, 2009 4:38 pm

F-Secure reports on security vulnerabilities in Adobe Reader and Foxit Reader, two programs for reading PDF files.

While this could be seen as another day-in-the-life update, the warning came with an interesting twist:

Do note that while we are recommending users move away from Adobe Reader, we are not recommending any particular replacement.

…Instead, we recommend users to find their own Adobe Reader replacement.

This way we get more heterogeneous userbase, which is a good idea security-wise. Nobody wants to repeat what happened with the great IE —> Firefox switch. As 40% of users switched to Firefox, about 40% of the attacks switched to target Firefox.

Monocultures are bad.

In the new world of online social media, more and more people are using the same tools, putting us all at risk as hackers and attackers naturally migrate toward whatever is popular. Monocultures are bad because they open the door to mass risks.

Yet, the number one cry of many computer users is consistency in look and feel. Everyone wants a single powerful interface that brings all the fabulous third-party tools and resources together to use. Adoption of Microsoft products on a wide spectrum was part of the desire to fill that need – one product that everyone was familiar with and that made it easy to exchange files and data.

The development of HTML was based upon that very premise – breaking the barrier between data so it could be shared universally. We all want a single tool that integrates all the social media tools together, so we can connect the dots in our online social life without dancing between tools and web apps.

If monocultures are bad, and hackers, time wasters, and evil doers follow us to whatever is most popular, literally worming their way into our programs and disrupting our lives, what should we do? What can we do?

The open source world is based upon options – giving users the chance to choose from a range of tools that basically do the same things, give or take, and the freedom to develop that variety. We now can choose from multiple methods to access and mashup Twitter, blogs, and other social media platforms.

With API development, we rarely interact with the tool or service itself, using third-party apps to connect. Some Twitter users go months without ever accessing the Twitter website, using the social media microblogging publishing tool through third-party apps. Meanwhile, Twitter’s core functionality stays the same and the third-party apps improve upon it.

While I’m using TweetDeck to access Twitter, and others are using PocketTweets, Twitter for iPhone, Twitterrific, Tweetr, Twhirl, Twinkle, Tweetie, Hahlo, Twittelator, and any of the other Twitter third-party access apps, if a hacker goes after one of those, only that app is impacted. But if someone really wanted to disrupt the whole of the microblogging social network, they would target the source, right?

While there is diversity, all of those services are still dependent upon the source. Isn’t that still a form of monoculture – putting all of our eggs into one basket? Sure, the eggs are all different colors, shapes and sizes, but they are riding in the same basket.

I admire F-Secure for pushing protection through diversification. Unfortunately, we are a society that uses whatever came in the box, resistant to trying new things. Until we change, we are still reliant upon products and services with watchful eyes on security issues, and upon ourselves for upgrading when warned.


  1. By The original WAHD posted on March 13, 2009 at 10:20 am

    This is a great point…I could not agree more that there’s a certain safety in diversity online. It requires hackers to spread themselves too thinly across various platforms to truly make any impact.

    However, there are two points I’d like to bring up…maybe you have some thoughts about them?

    1) Regardless of diversity there will always be a majority. This is why hackers target PCs as opposed to Macs (the sheer difference in usage numbers). You bring up a number of different ways people could access Twitter, but won’t the majority of people still use plain old web browser access (or maybe PDA access)? As long as there are majorities the risk will remain.

    2) Diversity is a double-edged sword, as it makes it more difficult for security technologies to catch up. I read a rather humorous post on Tim Callan’s blog the other day (he’s a VeriSign exec) that claimed only one continent has total Extended Validation SSL compatibility. The continent is Antarctica, because everyone uses Firefox. The more streamlined the means, the easier we are to both attack AND protect, I think. The fact that there are so many browsers out there has caused a serious lag in the widespread adoption of EV SSL, which could very effectively combat phishing scams. So I think it works both ways.
