Thursday, March 17, 2011

Social Networks Site Analyses:

MySpace: Since this site relies on Web mail to solicit and accept friends, and the blog moderating functions have been known to have XSS vulnerabilities in the past, it is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Facebook: Since this site allows blog posts and there is limited or no control over which of your friends appear on your home page, it is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Twitter: An interesting site in terms of social networking, in that comments and posts are allowed but are limited to 140 characters, with no HTML or JS allowed. Hyperlinks are allowed and are automatically converted to the actual HTML code by the system; e.g., the text http://www.cdc.gov automatically becomes a clickable link to http://www.cdc.gov. Comments are designed to be sent by SMS messaging, which is text based. Requests for followers come through email and can be accepted without Web mail. While the site does seem to be secure against XSS exploits, it relies on AJAX technologies and can be used to post links to malicious sites. Vetting these links requires following them, which would put the system at risk. It is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

DailyStrength: This site relies on Web mail to solicit and accept friends, allows blog comments, and has limited to no control over which of your friends show up on your main profile page. It is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

YouTube: This site allows comments on videos and has limited to no control over which of your friends show up on your main profile page. It is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.

Flickr: This site allows comments and has limited to no control over which of your friends show up on your main profile page. It is recommended that use of this site for CDC communications be conducted from specially designated hardware off the CDC network, following guidelines developed in conjunction with OCISO.
 
