Wednesday, 26 March 2008

More Facebook trouble afoot?

Facebook Community

From vnunet.com 25.03.08

Security researchers claim to have uncovered a new wave of attacks in which profiles on Facebook are used to post images of child torture.

The attack was reported by Chris Boyd, director of malware research at FaceTime Communications.

Boyd claimed in a blog posting to have discovered multiple instances of the attacks in which accounts were stolen and used to post photos on other pages.

"I am still trying to process this, but one of my close contacts has confirmed there is someone going around either hijacking, hacking or phishing user accounts on Facebook, then randomly uploading pictures of child torture to their funwall," he wrote.

I really wanted to put the series of Facebook-related posts to bed by now. It seems like I've been blogging my feelings about the social networking site and other news stories relating to it all too frequently in the last few months. That said, there's a lot that merits discussion when it comes to the darker side of Facebook.

Regarding this latest story, account hijacking is always a big risk for any large site with sign-in facilities. When you get so many users, trouble often ensues: you become a bigger target for hackers, users still insist on choosing insecure passwords, 3rd party applications often bring in unwanted security threats etc. Still, Facebook just seem to be making a bad name for themselves. What with Facebook's plan last year to sell their users' personal information and the multitude of privacy issues that I've highlighted previously on law actually, here's to hoping that the millions of users that flock to Facebook everyday, soon wake up and smell the coffee.

With so many applications being written for Facebook now - coupled with users' propensity to litter their pages with them - it was only a matter of time before trouble reared its head. And let's face it: Facebook is a potential hotbed for all kinds of malware and vulnerabilities to thrive; a digital ambush just waiting for the millions of FB users around the world to sign in and join the party. Arguably, Facebook should be doing more to actively guard against vulnerabilities that its users are subjected to. It would be much better for security purposes if all Facebook apps needed to go through a strict verification process and be 'signed' by Facebook before release. Creativity and freedom for developers must sometimes take second place behind ensuring a safe and secure experience. For instance, what Apple have elected to do with 3rd party applications for the iPhone - since recently announcing they would officially release an SDK for developers - is a credible paradigm that Facebook would do well to mimmick.

7 comments:

  1. The campaign continues unabated!!

    ReplyDelete
  2. Absolutely! Are you up for signing my petition, Minxy? :-P

    ReplyDelete
  3. http://www.maximumpc.com/article/how_you_used_to_view_private_photos_on_facebook

    Oh boy. Is there no end to this stuff?

    ReplyDelete
  4. hi there :)

    It's worth noting that the vnunet article mentions a "wave", and quotes most of the blog post but NOT the part where I actually mention numbers - and those numbers were, two profiles apparently tampered with in some way that were both on one persons friend list, and only one of those alleged to have had the images posted to it.

    Note sure how they turned one profile reported to me containing dubious images into a "wave", but worth keeping in mind. This is quite possibly an isolated attack on two people - or at least, I hope it is. I've already deleted most (if not all) image apps from my own facebook page.

    ReplyDelete
  5. That person who found that facebook flaw must've been really, really sad... Who cares about some people's 'private' photos? _-_

    ReplyDelete
  6. I've just discovered that the Information Commissioner's Office have a dedicated page for the 'youth' of today to help protect their identity online and use Facebook, Myspace and Bebo safely. At least it's something, I guess.

    http://www.ico.gov.uk/youth.aspx

    ReplyDelete