Tower Students Blog

Tower Family Education


Facebook in the News

Ever wonder why Internet Security Experts are so anti-Facebook? Here is a summary of the headlines about Facebook from just May 2010 so far:

See our posting about the “instant personalization” settings.

May 26, 2010 – Experts, such as these from Princeton (you have to page down to the Facebook issue on May 26), are wondering if the government needs to step in now and MAKE Facebook protect its users, since Facebook does not seem motivated to do it on their own.
May 25, 2010 – Facebook user phone numbers freely available on the Web – a “service” highlighting how easily third-parties can access Facebook users’ phone numbers.
May 24, 2010 – New Facebook clickjacking attack – Clickjacking is one of the most deadly attacks on the web, but it takes special situations to allow it. Facebook provides easy access to just those “special situations” that are needed to make the attacks possible.
May 24, 2010 – More Facebook users hit by “distracting beach babes” – Another Rogue Facebook Application (not providing a link, as all of the reports include the image that accompanied the virus). Facebook provides no advance checking of Facebook Applications, which can be built by ANYONE. They only address them AFTER they create problems.
May 21, 2010 – Fake joke worm wriggles through Facebook – No laughing matter – this is a further explanation of the clickjacking attack.
May 21, 2010 – Facebook isn’t Evil, We’re Just Naïve – an excellent analysis that you are kidding yourself if you do not understand Facebook’s motivation to make all your information public (and they view it as their RIGHT to do so).
May 18, 2010 – Huge video attack hits Facebook – another Rogue Facebook Application, possibly just a different presentation of the beach videos.
May 13, 2010 – Facebook Makes Security Changes as Privacy Controversy Swirls – Facebook, catching continuous heat about “instant personalization” made changes to their settings. Really so well done that they had to turn around and do it again May 25th.
May 13, 2010 – Facebook, the new phishing target – Facebook users have now reached 4th place on the list of the primary targets of phishing incidents on the web.
May 13, 2010 – Facebook IDs hacker – touted as a “win” by Facebook, while hunting down this hacker Facebook ignores the fact that they didn’t disprove anything and they themselves produced evidence that at least some of his claims and access to accounts were proven true!
May 11, 2010 – Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With “Instant Personalization” – remember that? And Facebook’s position – Not our fault, this is a Yelp problem. But they are the ones that shared your information before you could stop it, so it IS their fault that Yelp had your data to lose!
May 6, 2010 – Consumer groups hammer Facebook privacy violations in federal complaint – it’s not just Security Experts that are fed up.
May 6, 2010 – Stealth installs and adware come to Facebook – Apps secretly added to profiles, it’s just so much fun!
May 5, 2010 – Facebook Security Hole Exposes Live Chats – pretty self-explanatory, and just another of the continuous “oh we fixed it as soon as we could AFTER it happened.”

During the month of May the major browsers were all in the news with new problems: Apple Safari, Windows IE, Mozilla Firefox, and Google Chrome, and the iPhone was identified with a couple new major problems. However, nothing matches the continuous stream of problem reports generated by Facebook.

Posted 1 year, 11 months ago by The ByteMan.


Amid Backlash, Facebook Releases New Privacy Settings

May 26, 2010 – If you have not already shut off Instant Personalization in your Facebook settings, you need to pay attention before it is too late. The headline reads: “Amid backlash, Facebook unveils simpler privacy controls”. Once again, Facebook advocates are saying “see, they took care of that,” ignoring that they KEEP HAVING to “take care of that” OVER and OVER and OVER AGAIN. Face it, Facebook is NOT taking care of it, because Facebook makes revenue by “sharing” your private information. Why do you think their “instant personalization program” was an automatic Opt-in and you had to go WAY out of your way to get it completely shut off? Even with their new “simpler privacy settings” their “shut off switch” only closes the main door, but leaves the individual windows OPEN. Facebook puts this in tiny print on the Opt-Out page: Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.

If you have not already shut off instant personalization, including the individual apps, then you can pretty well guarantee that your personal information is already in third-party company hands. To prevent further spread, go to your Facebook Privacy Settings / Applications and Websites / Instant Personalization: Clear the automatic “Allow” checkbox that they so “helpfully” automatically SET ON for you. Then, to prevent that “oh by the way, your friends are still sharing your information” problem, go to each of the current “instant personalization” apps and individually BLOCK them. Facebook has made it a bit difficult to find them, but you can go to each of these links and then click on the Block Application link on that page: Microsoft Docs, Pandora, and Yelp (note that Yelp has already compromised your data if it was there, as listed in the news article posting). Facebook’s advice: go to the third party company’s web site (where you will automatically share your information) and click Block Application there, AFTER you have already shared your information. Cool! Anyway, from this point forward, you have to stay up on the news about new “instant personalization” apps, because each new application is automatically ON for you, and your friends can share your information with new companies at each opportunity, until you shut it off. Isn’t that special!

Posted 1 year, 11 months ago by The ByteMan.


Mainstream Media is Catching On – When Will the Public?

Many people continue to dismiss security concerns, ignoring blogs such as this one, that attempt to raise their awareness of how many things they do that put themselves at unnecessary risk. The mainstream media, however, is beginning to see more and more of the real picture. Hopefully the general public begins to wake up and see it as well.

We have been warning people that they need to apply a single question when deciding what information they are going to post online: “Would my parents be comfortable with the whole world seeing this information / picture / posting?” If the answer to that question is “No!” then the information should NOT be posted online, because, the illusion of “privacy” set aside, information posted online is visible to the whole world. So, note the final sentence of this New York Times article: “When you’re doing stuff online, you should behave as if you’re doing it in public — because increasingly, it is.”

Posted 2 years, 2 months ago by The ByteMan.


As people begin to wake up, they still get caught

Facebook is trying to make steps forward to fix their abysmal privacy model. However, as they try to move forward, the hackers are taking advantage of the awakened concern by users. Remember how we have cautioned for ages about Facebook Apps, and how you have no idea what they are actually doing? Well, as people have become aware that their information is being exposed, they have begun using various Facebook Apps advertised to allow you to monitor who is looking at your profile, etc. The only problem? Those Facebook Apps are actually software designed to infect your system and steal your personal and financial information. We keep warning that the hackers are very smart professionals, who know that they can make money from everybody who refuses to take their exposure seriously.

Knowledge and caution are the keys to safety!!!

Posted 2 years, 2 months ago by The ByteMan.


Not even thieves can be trusted anymore!!!

In an amusing (but still alarming) story, we can see that thieves can’t be trusted anymore. The hacker economy is conducted so far out in the open that malware (the bad programs written to steal your information) is even being misappropriated. One of the more popular botnets right now, the Zeus botnet, is driven by the Zeus Trojan malware. The author(s) sell the malware, licensing it to others so that they can create their own botnets. However, there is apparently no honor amongst thieves, as people have been “pirating” (making illegal copies of) the malware. So, the author(s) have decided to copy protect their malware, and the latest version of their software has a hardware licensing scheme built into the creator software.

8) Copy protection to avoid illegal copies of malware. Does malware qualify for the terms “illegal copy”? 8)

Posted 2 years, 2 months ago by The ByteMan.


New Facebook Attack

It is no surprise to anyone that Facebook users are under attack again. There is a new botnet attack that is pretending to be a password reset message from Facebook support. Users are being tricked into downloading malware that makes their machines part of the botnet, and even users that are aware of the many security problems with Facebook can be fooled into thinking that this is a real Facebook support issue.

Posted 2 years, 6 months ago by The ByteMan.


More October Updates

Before any Windows users get to feeling any superior, Microsoft has released its mass of Windows updates for the month. As always, everyone needs to check for updates on a regular basis. Most systems are set to do this automatically, but everyone should still verify that they are getting their regular updates – Windows, Linux, and Mac OS.

Along those lines, remember that Adobe just released CRITICAL updates for Reader (there are phony Adobe Flash updates going around, on Facebook in particular, so do not get fooled by a phony update process). Adobe Reader updates generally DO NOT come automatically, so everyone needs to manually Check for Updates in Adobe Reader. This is very important, because new exposures are going around that use PDF files as a path onto systems. And again, this goes across all systems, Windows, Linux, and Mac OS. Everyone needs to be sure they have the latest Adobe updates.

Posted 2 years, 7 months ago by The ByteMan.


Adobe Reader Update 10/13

There is an absolutely critical Adobe Reader update scheduled to come out Tuesday 10/13. The exploits are already out in the wild, so it is extremely important to get the patch installed ASAP. Once again, this is across platforms, because the exploit is for an application, not an OS. All Windows, Mac, and Linux systems need to be patched.

Posted 2 years, 7 months ago by The ByteMan.


Revenue is Up, So Everybody’s in the Cross-hairs

Researchers monitoring the Malware economy have noted the increasing revenue that criminals are generating on the internet. Income for infected machines has gone up, and Apple Macs are a particularly profitable venture, as discussed at the recent Virus Bulletin Conference in Geneva. The criminals spend their time where they can generate the most income, and so once again we remind people that Everybody is a target. Educate yourselves about internet safety, use your head before you do things, and really spend some time considering whether you really do need to “share” and do the things that you have become used to doing (and probably should NOT).

In an interesting note, the FBI Director has stopped banking online! Consider that situation.

Posted 2 years, 7 months ago by The ByteMan.


Smartphones increasing as targets

As was clearly demonstrated this summer at the security conferences, iPhones are FAR from secure as far as the data that you place on them. And now we have a number of phishing and social engineering attacks that are adding onto the pile. These new attacks apply to any Smartphones (iPhones, Windows Mobile devices, Palm Pres, Blackberries, etc.). The criminals have discovered how easily compromised these devices are, and they have identified them as a goldmine. Even the Blackberry, which security researchers have identified as the most inherently secure mobile phone, is far too easily compromised through social engineering attacks. The main lesson – Be Very Careful What EMail You Open, and What Personal Information You Put On Your Phone to Begin With!!! And REALLY REALLY think TWICE (or many times more) before you install that “must have application” on your mobile phone!!! And if you are using Facebook from your mobile device, well then you probably deserve what happens to you. :) ;)

Posted 2 years, 7 months ago by The ByteMan.
