Security Firm: Facebook Should Better Protect Its Users


Web security firm Sophos has penned an open letter to Facebook, addressing some of the ongoing safety and privacy issues associated with the social network.

The letter — which is brief — highlights three steps that Sophos’s technology consultants and security analysts think Facebook should take to better protect its users and improve overall security.

Through its Naked Security blog, Sophos regularly tracks the phishing scams and clickjacking attacks that appear on Facebook with growing frequency.

When it comes to security, Facebook’s servers and login system have a solid track record of staying clean and keeping breaches to a minimum. The real security threats come instead from phishing scams and rogue Facebook apps.

To combat some of these issues, Sophos’s Graham Cluley says that Facebook should consider adopting the following policies:

  • Make privacy the default, rather than the opt-in.
  • App developers and apps should be vetted and approved before being published to the platform.
  • HTTPS should be used for everything and be on by default.

We think these suggestions make a lot of sense — especially the call for privacy defaults and HTTPS for everything. Although we wholeheartedly agree that there should be significantly more oversight added to the application approval process, the sheer number of registered Facebook developers and Facebook apps makes implementing a stricter approval process more difficult.

What do you think of Sophos’s letter? What changes do you think Facebook should make to improve user security and privacy?


Facebook Account Security | Here’s Your Sign

Yes, I make most of my living working with Facebook. But, sometimes I just wish one of the little cyborgs would materialize in front of me so that I could smack it in the back of the head and say, “Seriously, WTF were you thinking?”

It used to be that to access your account from a new location you would need your access information and full birthday. That’s it. I originally thought that was stupid because there are so many people that display their full birthday on their profile and that it just wasn’t a security feature at all. So, then Facebook turned up the security half-a-notch and made it so that the user was notified when their account was accessed from a new location. Ok, I can see the point in that. Not exactly very secure, but ok.

Well, the cyborgs came up with a whole new security solution! Check it out! This is just pure genius in the making!

Facebook now has a new security feature where if you access your account from a new location you have to answer a few simple questions about your ‘friends’. Specifically, you have to identify 7 of them (you can miss two) from images that they (or anyone else Facebook-wide) have tagged of them. Seems like a pretty good idea, right?

Yeah, if you have 50 friends that you actually know, that each has maybe 50 friends that they actually know. And ALL of those friends ONLY tagged pictures of them with their actual face in them, not their childhood pics, not their dog, not their kids or what-have-you. Come on Facebook, really? They allow 5,000 connections and THIS is a security feature?

Seriously now, why wasn’t I invited to the 4:20 meeting where the Facebook security expert team sat up and said, “Hey, if they want to access their account from a new location just make them identify 5 images of 5,000 random friends to get back into their account!” BRILLIANT!

So basically, if you take a vacation and try to access your Facebook from a computer that you have never used before, then you are going to be in friend-hell until you can identify 5 of 7 random pics. Oh, and did I mention that if you get it wrong the first time you have to wait an hour to try again? And don’t think accessing it from your computer at home is going to unlock your account, because your account is LOCKED buddy! You are not getting in until you identify 7 random people period! Enjoy your vacation!

I am no security expert, but I have to say that there are other ways of securing accounts. Even Senators are complaining that Facebook APIs leak all kinds of personal information about you and your friends, but if you want access to your account from a remote computer…. Well THAT’s secure now… even from you!

Facebook: You Must Register Your Computer. The Borg is Watching You!

Normally I am a Facebook enthusiast for using the social network in your online real estate marketing strategy. Lately, however, I’m starting to have some doubts.

This morning, as I was managing my client’s accounts, I had to log out of Facebook for just a moment and then log back in. That’s when I saw it; a mid-login notice to ‘Register your Computer’.  You can’t get past it (I tried). They might as well have put a notice that “resistance is futile”.

Nope, sorry, no way around it. You are not getting on to Facebook unless you ‘name’ your computer.

Is this Facebook’s sudden ‘answer’ to all the controversy over security issues and spotlight in the news as to their use of private information? With so many people getting upset about privacy issues and talking about completely deleting their Facebook accounts, I can only imagine that this was somehow Facebook’s alternative to actually taking the time to educate users on managing their privacy settings and taking control of their accounts.

What is your take on all the Facebook controversy? Will you still use Facebook to market your real estate business?

Facebook Security: Limiting Application Access

Quick tutorial on how to view all of the applications that have access to your personal information on Facebook and how to remove them.
