Bitdefender Blog

The last few weeks have been hot for Facebook users. After updating the Privacy Controls and silently pushing the Smart Lists , the f8 pushed the usability and privacy to a new level: Subscribers,  News Ticker and Wall facelift,  and the star of this f8, the Timeline and the new Open Graph features.

While these new features will increase interaction between users, privacy and security issues were again pushed to new limits. What should we take care of?

1. Smart Lists will push users to share more info publicly ... supplying the perfect weapon for targeted attacks

    Smart List encourages people to complete their profile with job, education and work projects. Every time when someone wants to create a list with colleagues from a specific job, they will tag this in their profile. Of course, this is generally not confidential information, and the users have the final decision in approving the info.

    But having this information public and indexable will make it easier to create high level targeted attacks. High level attackers find out exactly who is working on a specific company, what job has she/he there and even more; on what particular project are they working. And we are talking about 800 million users.



2. Subscribers could increase the number of spambots, just like on Twitter

The main difference between Facebook and Twitter attacks is that Facebook has a lot of hijacked accounts while Twitter has a huge number of spambots. With the new subscribers feature, Facebook is open to Spambots and "how to get more subscribers" schemes. Cloning Twitter features may also mean mirroring Twitter scams.

3. Everything you ever shared on Facebook is now available and easy to browse.

The Timeline is a revolution of usability. But it's also the open story of our life. If a user doesn't change the default settings for who can see the wall, this story will be available to anyone: friends, photos, places where you've checked in, relations and much more. It was available until now, but not so easy to use.




4. Health is now social... and public

The Facebook timeline considers health information social. Now it’s very easy to share health-related information such as breaking a bone, undergoing surgery or overcoming an Illness. Probably most distressing fact here is that this kind of information is set to "Public" by default.







5. Widgets ... the open door to interactive scams

Facebook introduces the "widget" concept to the new timeline. It lets developers take action on various objects. This moves the interaction to a whole new level. Until now, everyone who had an application installed interacted with his friends inside the app. Now, the app is on the user wall, so anyone who interacts with the user profile interacts with the app.

Considering the short lifetime of spammy apps, this could boost the efficiency of a scammy app. Of course, this feature is just beginning, so probably it will take a while until the scammers exploit it. But every successful viral feature has been exploited by social media scammers.

Also, by adding this level of interaction, Facebook makes another important step in moving the smallest details of user’s life in the timeline.

With more and more information in the profile, the account hijacking problem has become increasingly important. Facebook is doing a lot in eliminating noise, but I see no important step in security. After the large number of problems related to Facebook Security, I was expecting an announcement regarding  session hijacking on unsecured connection, a notable security issue for many Facebook users today.