Steve™
Management
Number of posts : 2447
Home : At Home
Humor : If Im Not Back Later... Wait Longer
Registration date : 2007-07-30
 | Subject: It's Official, FaceBook Is Dangerous : 3 Articles  Fri May 28, 2010 11:51 pm | |
| the BBC looked into facebook to see how safe or unsafe it is, - Quote :
- The BBC today published a harrowing report that third-party Facebook applications can access your personal data. Halfway through my reactive bout of running in circles and screaming in panic, I had to take a moment to wonder exactly where the BBC has been for the past year?
According to the report, the BBC, with the help of its crackerjack technology program Click, created a malicious third-party application to run on Facebook. The organization then made up a profile for some frat guy "Bob Smith," and went to work on stealing his personal data. (Sigh. Poor Bob...)
The BBC reports: "While we could not get all details, what we did get, included his name, hometown, school, interests and photograph, would certainly help us to steal someone's identity." Or, at very least, his lunch money.
The story would have been at least mildly interesting if the BBC exposed current, real applications that are eating our data in a malicious fashion, but alas: "We do not know of any specific application which abuses user information, apart from ours."
Well, then. Look who's malicious now!
The point of the expedition was to prove that Facebook's third-party applications acquire user data and, in turn, can leave users vulnerable should the app have ill intentions. Simply by reading Facebook's terms and conditions, or a blog, or a tea leaf, users would have figured this out themselves without putting old Bob Smith to work.
This idea that Facebook and its platforms aren't to be fully trusted is something we've been aware of for quite a bit of time. In fact, one of the issues the BBC "discovered" -- that we are responsible for our friends' data security -- is something one of our ThinkerNetters Mary Madden wrote about in her blog on Internet Evolution this week. Perhaps the BBC should spend less time in its mad scientist lab and more time on the blogosphere? Hmm?
This great, big, evil problem it claims to have exposed is not a homegrown Facebook problem -- it's an Internet problem. The moral of their story is that, although it's not happening right now, someone at some time on the Internet could create something that may harm you in one way or another. - Quote :
- Facebook: The most dangerous site on the web?
Social-networking users relinquish their ID for free
There can be few regular internet users who haven't heard of Facebook.com, the social-networking phenomenon launched in February 2004. The brainchild of Mark Zuckerberg, Facebook was originally intended for US college and university students – the term is derived from the book of faculty members' mug shots that's handed out to new students each year.
Facebook offers various privacy options. You can sign up to a regional network and make your profile available only to people on that network, for example. You can be a member of up to five networks and some of them are huge – London's network has almost 900,000 members. Within networks people can form and join up to 200 public or private groups. Here, members can share information and experiences with friends and meet new people via their profiles – or not, if they should so wish.
Facebook has grown rapidly and now has more than 34 million registered users worldwide. The site depends on advertising revenue, which in 2006 amounted to $54m (about £27m). Facebook is valued at over $8bn, which spells business success in anyone's language.
Everything in Facebook's digital garden should be rosy. But there's a fly in the ointment. Facebook's signup procedure asks for a fair amount of personal information, which then joins the data of other users on a server. This is meant to be secure, but recent events have planted doubt in users' minds.
Unintentional hacker
In July, a UK office worker logged into his Facebook account as usual, only to find that as he clicked around he was being shown other people's private pages – most notably, other users' message inboxes. Further clicking revealed other areas of people's accounts, though the important personal data entries were hidden.
Facebook reacted rapidly, taking sections of the UK site offline for several days while it tackled the problem. The company claimed the error was caused by programming bugs, which caused some third-party proxy servers to cache otherwise inaccessible content and randomly display it to users.
Also in July, a user discovered a cross-site scripting hole in the Facebook platform that could inject JavaScript into other people's profiles. This could be used to import a customised content management system, which could in turn be used to violate privacy rules or create a worm. This hole took two and a half weeks to fix.
Events such as this can undermine confidence, no matter how rapidly a company acts to plug the holes. And data security fears have caused some users to consider closing their Facebook accounts – except that, to their surprise, they can’t.
Do not destroy
The site provides no means by which an account can be permanently closed, offering only the option to deactivate an account. Personal information remains on Facebook’s servers in case the user later wishes to reactivate their account. Future security breaches could mean the disclosure of personal details from these accounts.
Possibly the most disturbing story of all, however, comes from the highly respected internet security firm Sophos. Sophos set up a fake Facebook profile under the name of 'Freddi Staur' (an anagram of ID fraudster) and asked 200 randomly selected people to provide personal information. Freddi Staur's profile was accompanied by an image of a small green frog, as well as some personal information about Freddi.
Don't speak to strangers
Of the 82 respondents, 72 percent divulged their email address; 84 percent provided their date of birth; 87 percent provided work or educational information; 78 percent gave their address; 23 percent stated their phone number; and 26 percent gave their screen name. Many users disclosed information about their employers and their partners, while one person provided his mother's maiden name – something very often used as a secret password to access financial account information. Very few of us would provide this type of information to someone we met in real life, but we're quite happy to give it to a total stranger online.
The security problems experienced by Facebook are serious, but they will be patched and fixed eventually. Yet the potential for identity theft is disturbing. No matter how hard social-networking sites try, they simply can’t protect people from themselves. The moral of this story is pretty straightforward and applies to everyone who uses a Facebook account. Protect your personal data as if it were a matter of life and death and don’t rely on anyone else to do it for you. You wouldn’t dream of giving your address to some bloke on the bus, so why give it to a frog on a website? - Quote :
- Facebook's Farm Town hit by scareware advert attack Hackers pollute adverts of popular online game
IT security and data protection firm Sophos is warning players of the popular Facebook game "Farm Town" to scan their computers after it was revealed that the site has been delivering adverts laced with malware.
According to a statement on the website of "Farm Town" developers SlashKey, third-party adverts appearing alongside the game's window are putting users at risk of infection through fake anti-virus alerts, designed to scam users out of their credit card details.
Fake anti-virus software (also known as scareware) attempts to frighten users into believing that their computer is infected with viruses and Trojan horses by displaying bogus alerts, and then tricks unsuspecting surfers into making an unsafe purchase to remedy the "problem". Hundreds of Farm Town users have reported problems over the weekend, but Sophos warns that many others may be unaware that they have fallen foul of the attack.
"Farm Town has over 9.6 million monthly players on Facebook, and poisoned adverts appear to be trickling onto their PCs from a third-party advertising network," said Graham Cluley, senior technology consultant at Sophos. "Players of games like Farm Town are not all geeks, and might easily fall hard and fast for a bogus security warning - straight into the hands of hackers.
Sophos believes that SlashKey should make its players security, rather than its advertising revenue, its top priority.
"Rather than SlashKey simply asking its players to report offending adverts when they appear, the company should disable third-party Farm Town adverts until the problem is fixed," added Cluley. "Doing anything less is surely showing a careless disregard for the safety of its players. Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software."
Sophos advises that both consumers and businesses need to keep their wits about them to avoid scareware attacks.
"It's essential that computer security is kept up-to-date and that every webpage is checked for dangerous code and links," continued Cluley. "Third-party advertising networks need to do a much better job of thoroughly checking that the ads they are carrying are not polluted with malware."
Sophos notes that this is not the first time that hackers have managed to infect a high profile website with significant traffic. For instance, last year the New York Times suffered from a similar attack after a gang of hackers purchased ad space posing as a legitimate internet telephone company. Visitors to the New York Times website who were served the poisoned advert saw pop-up messages warning them that their computer had been infected, and urging them to install scareware.
"Scareware attacks like this are on the rise for one simple reason - they work. Unsuspecting computer users are easily frightened by bogus security warnings into installing and purchasing fake anti-virus software, making cash for unscrupulous hackers" explained Cluley | |
|
