Social networks tumbling
December 4, 2012
By Roger Thompson

Recently, some bad guys found a vulnerability in Tumblr that allowed them to spread, in a worm-like fashion, what they thought was a funny message. Thousands of Tumblr users were affected, and while it probably caused some minor embarrassment to both Tumblr and those who were infected, there are two bigger issues in these days of cloud computing and burgeoning social sites.

The first is the worm's twisted payload: if you deleted the message, it also deleted your blog. Now in my case, I would not have cared, but I can imagine that some people might store the only copy of important words or images in their blog or on the cloud (whatever that cloud might be) in the belief that it is perfectly safe there. Maybe it is, and maybe it isn’t. Maybe it’s automatically backed up by the cloud provider, and maybe it’s not.

The takeaway from this is that everyone who stores data in the cloud should consider the implications of that data being lost or compromised. If you don’t care, it doesn’t matter, but if you find that you do, it might be a good idea to either back up that data locally, or remove critical data from the cloud.

The second issue is: how did something like this happen in the first place? Surely Tumblr should be smart enough to have preempted this?

The answer, of course, is that no matter how smart they are, no one can predict and preempt every issue. They sure try, but one of the underlying principles of security is that security and functionality tend to exist in an inverse relationship, which is to say that the more functional (or powerful, or usable) you make a system, the less secure it tends to be. No software is perfect, because human beings wrote it, and humans make mistakes. It’s called being human. The more functionality you have in a system, the greater the potential for exploitable vulnerabilities. It’s as simple as that.

All the social sites build for functionality, because this is what makes their software fun to use, so no matter how hard they try, there will always be issues.

All we can do, as end users of any cloud or social site, is to understand that our data might one day be lost or compromised, and it’s up to every individual to consider their own position, and to take appropriate precautions.

To paraphrase Obi Wan, “We will never find a more wretched hive of scum and villainy than the Internet. We must be cautious.”

