Tower Students Blog

Facebook in the News

The ByteMan — Thu, 27 May 2010 11:21:19 +0000

Ever wonder why Internet Security Experts are so anti-Facebook? Here is a summary of the headlines for just so far in May 2010 about Facebook:

See our posting about the “instant personalization” settings.

May 26, 2010 – Experts, such as these from Princeton (you have to page down to the Facebook issue on May 26), are wondering if the government needs to step in now and MAKE Facebook protect its users, since Facebook does not seem motivated to do it on their own.
May 25, 2010 – Facebook user phone numbers freely available on the Web – a “service” highlighting how easily third-parties can access Facebook users’ phone numbers.
May 24, 2010 – New Facebook clickjacking attack – Clickjacking is one of the most deadly attacks on the web, but it takes special situations to allow it. Facebook provides easy access to just those “special situations” that are needed to make the attacks possible.
May 24, 2010 – More Facebook users hit by “distracting beach babes” – Another Rogue Facebook Application (not providing a link, as all of the reports include the image that accompanied the virus). Facebook provides no advance checking of Facebook Applications, which can be built by ANYONE. They only address them AFTER they create problems.
May 21, 2010 – Fake joke worm wriggles through Facebook – No laughing matter – this is a further explanation of the clickjacking attack.
May 21, 2010 – Facebook isn’t Evil, We’re Just Naïve – an excellent analysis that you are kidding yourself if you do not understand Facebook’s motivation to make all your information public (and they view it as their RIGHT to do so).
May 18, 2010 – Huge video attack hits Facebook – another Rogue Facebook Application, possibly just a different presentation of the beach videos.
May 13, 2010 – Facebook Makes Security Changes as Privacy Controversy Swirls – Facebook, catching continuous heat about “instant personalization” made changes to their settings. Really so well done that they had to turn around and do it again May 25th.
May 13, 2010 – Facebook, the new phishing target – Facebook users have now reached 4th place on the list of the primary targets of phishing incidents on the web.
May 13, 2010 – Facebook IDs hacker – touted as a “win” by Facebook, while hunting down this hacker Facebook ignores the fact that they didn’t disprove anything and they themselves produced evidence that at least some of his claims and access to accounts was proven true!
May 11, 2010 – Yelp Security Hole Puts Facebook User Data At Risk, Underscores Problems With “Instant Personalization” – remember that? And Facebook’s position – Not our fault, this is a Yelp problem. But they are the ones that shared your information before you could stop it, so it IS their fault that Yelp had your data to lose!
May 6, 2010 – Consumer groups hammer Facebook privacy violations in federal complaint – it’s not just Security Experts that are fed up.
May 6, 2010 – Stealth installs and adware come to Facebook – Apps secretly added to profiles, it’s just so much fun!
May 5, 2010 – Facebook Security Hole Exposes Live Chats – pretty self-exlanatory, and just another of the continuous “oh we fixed it as soon as we could AFTER it happened.”

During the month of May the major browsers were all in the news with new problems: Apple Safari, Windows IE, Mozilla Firefox, and Google Chrome, and the iPhone was identified with a couple new major problems. However, nothing matches the continuous stream of problem reports generated by Facebook.

Amid Backlash, Facebook Releases New Privacy Settings

The ByteMan — Thu, 27 May 2010 11:11:43 +0000

May 26, 2010 – If you have not already shut off Instant Personalization in your Facebook settings, you need to pay attention before it is too late. The headline reads: “Amid backlash, Facebook unveils simpler privacy controls”. Once again, Facebook advocates are saying “see, they took care of that,” ignoring that they KEEP HAVING to “take care of that” OVER and OVER and OVER AGAIN. Face it, Facebook is NOT taking care of it, because Facebook makes revenue by “sharing” your private information. Why do you think their “instant personalization program” was an automatic Opt-in and you had to go WAY out of your way to get it completely shut off? Even with their new “simpler privacy settings” their “shut off switch” only closes the main door, but leaves the individual windows OPEN. Facebook puts this in tiny print on the Opt-Out page: Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.

If you have not already shut off instant personalization, including the individual apps, then you can pretty well guarantee that your personal information is already in third-party company hands. To prevent further spread, go to your Facebook Privacy Settings / Applications and Websites / Instant Personalization: Clear the automatic “Allow” checkbox that they so “helpfully” automatically SET ON for you. Then, to prevent that “oh by the way, your friends are still sharing your information” problem, go to each of the current “instant personalization” apps and individually BLOCK them. Facebook has made it a bit difficult to find them, but if you go to each of these links, and then click on the Block Application link on that page: Microsoft Docs, Pandora, and Yelp (note that Yelp has already compromised your data if it was there, as listed in the news article posting). Facebook’s advice: go to the third party company’s web site (where you will automatically share your information) and click Block Application there, AFTER you have already shared your information. Cool! Anyway, from this point forward, you have to stay up on the news about new “instant personalization” apps, because each new application is automatically ON for you, and your friends can share your information with new companies at each opportunity, until you shut it off. Isn’t that special!

Mainstream Media is Catching On – When Will the Public?

The ByteMan — Wed, 17 Mar 2010 18:42:45 +0000

Many people continue to dismiss security concerns, ignoring blogs such as this one, that attempt to raise their awareness of how many things they do that put themselves at unnecessary risk. The mainstream media, however, is beginning to see more and more of the real picture. Hopefully the general public begins to wake up and see it as well.

We have been warning people that they need to apply a single question when deciding what information that they are going to post online. “Would my parents be comfortable with the whole world seeing this information / picture / posting?” If the answer to that question is “No!” then the information should NOT be posted online. Because, the illusion of “privacy” set aside, information posted online is visible to the whole world. So, note the final sentence of this New York Times article: “When you’re doing stuff online, you should behave as if you’re doing it in public — because increasingly, it is.”

As people begin to wake up, they still get caught

The ByteMan — Wed, 17 Mar 2010 18:32:40 +0000

Facebook is trying to make steps forward to fix their abysmal privacy model. However, as they try to move forward, the hackers are taking advantage of the awakened concern by users. Remember how we have cautioned for ages about Facebook Apps, and how you have no idea what they are actually doing? Well, as people have become aware that their information is being exposed, they have begun using various Facebook Apps advertised to allow you to monitor who is looking at your profile, etc. The only problem? Those Facebook Apps are actually software designed to infect your system and steal your personal and financial information. We keep warning that the hackers are very smart professionals, who know that they can make money from everybody who refuses to take their exposure seriously.

Knowledge and caution are the keys to safety!!!

Not even thieves can be trusted anymore!!!

The ByteMan — Wed, 17 Mar 2010 18:25:59 +0000

In an amusing (but still alarming) story, we can see that thieves can’t be trusted anymore. The hacker economy is conducted so far out in the open, that malware (the bad programs written to steal your information) is even being misappropriated. One of the more popular botnets right now, the Zeus botnet, is driven by the Zeus Trojan malware. The author(s) sell the malware, licensing it to others so that they can create their own botnets. However, there is apparently no honor amongst thieves, as people have been “pirating” (making illegal copies) of the malware. So, the author(s) have decided to copy protect their malware, and the latest version of their software has a hardware licensing scheme built into the creator software.

Copy protection to avoid illegal copies of malware. Does malware qualify for the terms “illegal copy”?

ByteMan Episode Seven

The ByteMan — Sat, 27 Feb 2010 20:38:13 +0000

The seventh Episode is ByteMan Musical II. This was another file that needed to be captioned, and be patient because it is very large.

ByteMan Episode Seven
To subscribe on iTunes, use the URL http://www/towerstudents.com/blog/podcast

ByteMan Episode Six

The ByteMan — Wed, 27 Jan 2010 01:14:08 +0000

This sixth Episode is ByteMan the Musical. We were a bit delayed in getting this posted, due to the captioning that had to be done so that everyone could understand the lyrics to all the songs . As always, this podcast is a large file, so please be patient.

ByteMan Episode Six
To subscribe on iTunes, use the URL http://www.towerstudents.com/blog/podcast

We use the “Apple” podcast standard file format, MP4, for our video podcasts. It has come to our attention that in certain non-standard situations, Windows does not integrate fully with Apple Quicktime, and this may present itself with only the sound playing without the video image. If this happens to you, most situations are solved by selecting the Download option, which should open another window/tab and then play the video podcast normally in that new browser window. Or, as an alternative, you can use the Windows Media versions on the podcast Windows Media page.

ByteMan Episode Five

The ByteMan — Thu, 17 Dec 2009 13:49:28 +0000

In this fifth Episode, our heroes try to get a good view of our villains, but end up getting reminded that Clickjacking remains a serious (and fundamental) problem with all of the current popular browsers on the market. Most experts agree that until the browser manufacturers can address how to take care of this problem, users need to understand how to control scripts running in their browsers – and the one combination that is recognized as the best tool in this fight is the latest Firefox browser in combination with a tool called NoScript. Short of using that combination, your best tool is a sticky note covering your webcam. As always, this podcast is a large file, so please be patient.

ByteMan Episode Five
To subscribe on iTunes, use the URL http://www.towerstudents.com/blog/podcast

ByteMan Episode Four

The ByteMan — Fri, 20 Nov 2009 08:54:04 +0000

In this fourth Episode, our hero and our villains learn the hard way that the internet and online interaction can be easily misunderstood, and that they are no substitute for a good friend. Oh, and it also asks the question (or he does anyway) “Does ByteMan need a Theme Song?” Members of the Tower Students Forum can vote whether ByteMan needs one, and also what it should be… As always, this podcast is a large file, so please be patient.

ByteMan Episode Four
To subscribe on iTunes, use the URL http://www.towerstudents.com/blog/podcast

ByteMan Episode Three – Re-post

The ByteMan — Fri, 20 Nov 2009 08:11:23 +0000

Because of how iTunes handles updated posts for podcasts, we have re-posted Episode 3 as a new entry so that it hits iTunes as a new post.

In this third Episode, our hero is trying to determine how people’s personal information keeps finding its way into the hands of bad people. It is a large file, so please be patient.

ByteMan Episode Three
To subscribe on iTunes, use the URL http://www.towerstudents.com/blog/podcast