March 21, 2007
Lack Of Defenses At Social Networking Sites
There are social networking websites, but they are marred by a lack of defenses. According to Brad Fitzpatrick and his website LiveJournal.com, 1.5 million users post diary entries to be shared with friends, colleagues and family. It is not surprising that most of the members post extremely sensitive and personal information in their journals.
Members of social networking sites post everything from their suicide plans to professional sabotage and even their wild fantasies or sexual adventures. Brad Fitzpatrick readily admits that security has been the least of the priorities at LiveJournal.com. When members come to the initial login page, they send their passwords in the clear. Fitzpatrick has also added that they are hoping to change this next month, although the top priority is still site performance.
The Story from Here
Let us look at an example of what really happens on these websites, or at LiveJournal. John (not his real name) is a LiveJournal.com user whose account has been compromised. He has no clue what really happened or how. One fine morning he logged in as usual and discovered that a huge part of his journal entries had been deleted. No one really knows who did it or what the motive was. The attacker didn't stop there; he or she also did the same to his friends' journal entries. The result is that Paul changed his password with immediate effect and fixed the problem, but the damage had been done.
He said that his friends were really upset and that this has created bad feeling within their group. One of his friends even feared that she might lose her job, as she had made a private entry in her journal regarding her problems with her supervisor. She says that it is still cached in Google, although it is very tough to find the information unless someone is technically very sound.
Another social discovery website, Tribe.net, also has a weak security system. Its member base has increased by almost 65,000 since its launch six months back. Paul Martino, the CTO of Tribe, chuckles at the idea of using SSL for member logins. According to him, they don't need industrial-strength encryption for the website's member logins. They use standard security techniques like unique session IDs. But if you speak with a security professional, they will clearly tell you the various ways to beat a unique session ID. So at the end of the day, the security measures are just not enough. This is something that such websites need to remember because they cannot play the members for too long.















