As you’ve most probably read by now search engines providers have been working on providing so called real time search results. These results include queries to, for instance, Facebook, Twitter and Myspace.
We may not all realize this, but we have just turned yet another technological corner. Everyone will have exponentially more and faster access to personal information now including data from social networks. Everyone naturally includes cybercriminals.
In my opinion, cybercriminals now have a great new opportunity to combine two major threat vectors – Black Hat Search Engine Optimization and social networks. Now turnaround will be faster and more people will see the malicious links created by black hat SEO – something search engines have already failed to control.
This is important, because to date attacks via social networking sites aren’t yet as prevalent or sophisticated as they could be. The gang behind Koobface has recently stepped up their game but overall isn’t really technically advanced. In fact, from where I sit, the development of malware that’s targeting social networks is really reminiscent of that of IM-Worms some years back. It’s the same situation: your friend’s compromised account is used to persuade you to click on a malicious URL. So we’ll probably soon see the social engineering approaches used to spread social networking threats following a similar evolutionary path.
I’m also concerned about how real time search results will affect our online privacy.
Clearly, it’s no coincidence that Facebook introduced their new set of privacy guidelines just days before Google introduced real time search. The recommended Facebook settings – which surely will be used by the vast majority of the Facebook community – put a lot of information into the public and semi-public domains.
Yes, this approach will definitely make real time search results more effective. But I definitely think that the recommended settings expose too much PII.
What does this hold for the future? I’m convinced that real time search is just in its infancy. I’m positive that soon enough search engine providers will offer everyone the opportunity to use real time search with their Facebook/Twitter/MySpace/etc. credentials. This would then allow people to more effectively crawl what their friends – or friends of friends – are up to. An opportunity that the cyber criminals will surely not let go to waste.