Tag Archive: facebook security

Want to prevent criminals from hacking your Timeline? Ignore those alarmist Facebook status updates and follow these steps instead.

Concerned about the security of your Facebook account? You should be. As the Wall Street Journal recently reported, “social spam” is the new black among the black hats. But that doesn’t mean you should believe every silly rumor and/or status update you see about it.

Lately I’ve been seeing the following status update crop up on the walls of some of my otherwise savvy friends:

Hello friends, as you all know I like to keep my FB private except to those I am friends with. So if you all would do the following, I’d appreciate it. With the new FB timeline on its way this week for EVERYONE, please do both of us a favor. Hover over my name above. In a few seconds you’ll see a box that says : "Subscribed". Hover over that, then go to "comments and likes" and unclick it. That will stop my posts and yours to me from showing up on the bar side for everyone to see, but most importantly it limits hackers from invading our profiles. If you repost this I will do the same for you. You’ll know I’ve acknowledged you because if you tell me that you’ve done it I’ll "like" it.

This is, of course, donkey manure. It is yet another hoax some dork without a life started propagating across Facebook a few weeks or months ago. It’s harmless, but it is also full of misinformation. To wit:

First: Though Timeline will be rolled out to all Facebook users sometime soon, I think the privacy concerns are overblown. Unless you have a dark Facebook history you’re trying to hide, there’s no cause for alarm (and if you do have a dark Facebook history, you’ve got bigger problems than Timeline).

Second: Yes, you can follow the instructions to manage what you subscribe to and from whom. But all you’ll achieve is banishing your friends’ likes and comments from your News Ticker. Period, full stop. You’ll still see their posts in your News Feed or on their walls; it does nothing – nada, zilch, squat – to protect you from hackers.

You want to protect yourself from being hacked? Do this.

Make sure you’ve enabled Secure Browsing

Secure Browsing uses an encrypted (https) connection instead of the standard one. The encryption scrambles your data so that the creep sitting behind you in Starbucks can’t use Firesheep or a similar network sniffer to steal your Facebook logon out of the air.

If you don’t already have this turned on, here’s how to do it: Go to your Account Settings. Click the Security icon on the left and select Secure Browsing > Edit. Put a checkmark in the box next to “Browse Facebook on a secure connection (https) when possible.” Click Save Changes, and you’re done. Easy peasy.

Turn on Login Notifications

This will alert you when your Facebook account has been accessed from a new device. Follow the same steps as above, only select the next item on the list. If somebody who isn’t you is accessing your account, you’ll get an e-mail.

Add a security code to new devices

If you want to be extra cautious, go to item number three in the Security Settings and set up Login Approvals. This will send a new passcode to your mobile phone every time you log into Facebook from an unknown device, which you’ll then have to use as your login password. It’s a bit of a hassle, so only do this if you’re really concerned about Facebook security (or more paranoid than the average bear).

Change your password early and often

Yes, I usually ignore this too. But if you get alerts about somebody accessing your account who isn’t you, or see weird posts and messages on your Facebook page that you didn’t put there, odds are good somebody hacked or guessed your password. First step in the recovery process is to change your password ASAP. Follow the usual advice about using upper/lower case letters, numbers, oddball characters, etc. Yes, it’s annoying, but it’s also just as annoying to hackers, and that’s the point.

One caveat on the above: If somebody’s already hacked your email account, they’ll also be getting all your password recovery emails. So you’d better secure that first, following the same steps.

Do not fall for the Remove Facebook Timeline scam. (Source: ZDNet’s Zero Day blog)

Be wary of scams

For example: the bogus “Remove Facebook Timeline” scam that is now circulating. Clicking “Continue” or “Like” on that one could allow the scammer to hijack your account. If you see an alarming message in somebody’s Facebook status updates, visit Snopes.com or just Google it and check it out before buttering it all over your page too. Odds are it isn’t what you think.

Be smart

Going out on the InterWebs without adequate security software – anti-virus, anti-malware, anti-you-name-it – is like wandering into a tiger’s cage slathered in Everett & Jones barbecue sauce. If your PC has been compromised by a keylogger or remote access Trojan (RAT), none of these defenses will do you much good. There’s a word for people who go online without adequate protection, and that word is “lunch.”

as said by Dan T



Another day, another Facebook privacy fiasco. And this time it’s a doozy, according to security experts at Symantec. Symantec found Facebook has accidentally exposed users’ info to third parties, including advertisers, for the past four years. But we do have a solution to fix it; look at the bottom of the post to see how.

The good news is that once Facebook was alerted to the problem, the social network took action. But some Facebook users might still be vulnerable to digital invasions of privacy unless they take action. Here is what happened.

The Facebook Privacy Flub

Symantec claims Facebook has not only leaked private data such as your sex and your age, but for the past four years third parties have had access to such goldmines as your profile, photos, and chats. Symantec also blasts Facebook for giving third parties the ability to post things to your wall.

Luckily, there’s an upside–Symantec says it’s likely that said third parties weren’t even aware of the data mines sitting under their feet. After all, the leakage was accidental.

How it Happened

According to Symantec, certain Facebook applications have been inadvertently leaking "access tokens" to third parties such as advertisers and analytic platforms. Symantec estimates that close to 100,000 Facebook apps were enabling this leakage in February 2011.

When you install an application on your Facebook account, a little window pops up. This window usually asks you to give the application certain permissions, such as the ability to see your info and publish posts to your wall. When you click "Allow," the application is granted these permissions–which are also known as "access tokens."

Most of these access tokens expire after a short period of time, but Facebook also allows applications to request "offline access tokens." Offline access tokens allow the application to access your Facebook account even if you’re logged off, and do not expire until you change your Facebook password.

According to Symantec, in the process of granting access tokens to applications, Facebook has been inadvertently dropping the same tokens to third parties. Facebook introduced third-party applications in 2007, so there’s no telling how many access tokens were dropped in the past four years.
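How a leak of this kind can be spotted in captured web traffic, as an added example (not from the original article or from Symantec). It assumes the token rides in an `access_token` URL parameter and reaches third parties through the request URL or the Referer header, which the article does not spell out; all hosts and token values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

TOKEN_PARAM = "access_token"  # assumed parameter name; the article only says "access tokens"

def tokens_in(url):
    """Return token values carried in the query string of url."""
    return parse_qs(urlsplit(url).query).get(TOKEN_PARAM, [])

def redact(token):
    """Keep a short prefix so the report does not itself leak the token."""
    return token[:4] + "..."

def is_first_party(host, first_party):
    """True if host is one of the trusted domains or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in first_party)

def find_token_leaks(requests, first_party):
    """Flag requests to non-first-party hosts that expose a token, either
    directly in the request URL or through the Referer header."""
    leaks = []
    for req in requests:
        host = urlsplit(req["url"]).hostname
        if is_first_party(host, first_party):
            continue
        for source in ("url", "referer"):
            for token in tokens_in(req.get(source) or ""):
                leaks.append((host, source, redact(token)))
    return leaks

# Constructed sample traffic: an app page loaded with a token in its URL,
# then the sub-requests that page triggers.
FIRST_PARTY = {"facebook.com", "example-game.test"}
APP_PAGE = "https://apps.example-game.test/play?access_token=AAAA1111secret"
SAMPLE = [
    {"url": APP_PAGE, "referer": "https://www.facebook.com/"},
    {"url": "https://ads.tracker.test/pixel.gif", "referer": APP_PAGE},
    {"url": "https://stats.analytics.test/collect?access_token=AAAA1111secret",
     "referer": "https://apps.example-game.test/lobby"},
    {"url": "https://cdn.example-game.test/app.js", "referer": APP_PAGE},
    {"url": "https://ads.tracker.test/pixel.gif",
     "referer": "https://apps.example-game.test/lobby"},
]

if __name__ == "__main__":
    for host, source, token in find_token_leaks(SAMPLE, FIRST_PARTY):
        print(f"token {token} exposed to {host} via {source}")
```

Any token flagged this way should be treated as compromised; for the offline tokens described above, that means changing the account password.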

What it Means for You

Facebook has been alerted to the situation and has fixed the problem, Symantec is happy to report. However, third parties may still be able to access your information if they were given offline tokens that don’t expire until you change your password.


So this means you should change your password.

And probably, stop trusting Facebook. But that’s another story.


as said by Sarah Jacobsson Purewal

Protect your Facebook Profile: Part 2

Who Owns Your Facebook Data?

Analysis: Right now, it’s not you — But you might be able to take control of your creations with the help of new tools.

On the surface this seems like a silly question. Surely you own your Facebook photos, status updates, notes, links, or anything else you’ve shared. Because, after all, you put them there. Right?

Not necessarily. Facebook’s terms of service make it clear that, while you technically “own” your own stuff, you’re granting them “a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post.”

In other words, you own it, but they can do whatever they want with it. Hence the “sponsored stories” Facebook just announced: Ads that use your profile picture, based on your Likes and Facebook Places check-ins, without asking you. (See “Facebook ads use your face for free.”)

Even if Facebook doesn’t do anything with your content, other people might. Depending on your privacy settings, your updates and comments could easily appear on another site (like Openbook) or be downloaded and shared by anyone who has access to your Facebook feed.

Shouldn’t you be the one making the decisions about who uses your stuff? That’s what the good folks at Reputation.com (formerly Reputation Defender) believe. So they introduced uProtect.It, a free JavaScript-based browser plug-in that provides another layer of privacy over what you post on Facebook.

Install the uProtect.It button in your browser toolbar. When you want to protect a status update, comment, or photo, click the button; your Facebook header will glow a John Boehner-like orange. Write your comment or upload your photo, and click the orange Encode button. Voila – all your friends will see is that you “made a protected post” and give them a URL where they can log in to decode it.

You can set permissions as to which of your friends get to decode your post; those who aren’t on the list see a blank page when they click the link. Any comments appended to a protected post are also protected. And because the posts are actually stored on Reputation.com’s site, not Facebook’s, you have total control over them. You can delete them permanently, or set expiration dates for each thing so that after a few days it just goes “poof.”

That’s the cool part. The not-so-cool part? uProtect.It is in public beta, and it shows. Features seem to change on an almost daily basis. It is crash prone, especially when trying to modify the list of friends who receive posts. And if your friends want to read anything you posted using uProtect.It, they have to install the uProtect.It Facebook app. Ironically, the app’s extensive permissions disclosure — it requires access to nearly all of your information — scared off some of my more privacy savvy friends.

If all you want to do is limit who sees certain posts on Facebook, using Facebook’s lists feature is a much better way to do it. If you’re posting something ultra sensitive to one or two people that you don’t want Facebook to get its grubby mitts on, uProtect.It is a better call. Then again, at that point you might as well email the thing to them.

Still, you have to admire what Reputation.com is trying to achieve. I spoke with Reputation.com COO and co-founder Owen Tripp, who readily acknowledges that uProtect.It isn’t quite ready for prime time, yet.

“We wanted to put this product in as many hands as possible and listen to what they had to say so we could make it better,” he says. “We thought Facebook was the most urgent, so we started there. It’s not just the visibility of the comments and photos you post, it’s the fact that once they’re out there, people who are not you can own them forever.”

Reputation.com knows a thing or two about Internet privacy; for the last three years it has managed to create a profitable business out of removing harmful information from the Internet for its clients, and for letting people know exactly how much information is available about them online. A lot of companies have crashed and burned in the privacy biz, but Rep.com appears to be thriving.

Tripp says their ultimate goal is to provide a service that lets you store your posts, tweets, pictures, ad nauseam on a machine you control, whether in your home or in the cloud.

“Facebook is the center of the social media world, but we have the same ambitions for Twitter, Flickr, or any place where you’re sharing personal details. We think people should have control over their own information. Period, end stop. No social platform will provide that on their own.”

Amen, brother.

as said by Dan Tynan
