My Bitdefender
  • 0 Shopping Cart

Bitdefender Blog

Five serious security and privacy concerns after f8

by , on 26 September 2011

While the Facebook new features will increase interaction between users, privacy and security issues were again pushed to new limits. What should we take care of?

The last few weeks have been hot for Facebook users. After updating the Privacy Controls and silently pushing the Smart Lists , the f8 pushed the usability and privacy to a new level: Subscribers,  News Ticker and Wall facelift,  and the star of this f8, the Timeline and the new Open Graph features.

While these new features will increase interaction between users, privacy and security issues were again pushed to new limits. What should we take care of?

1. Smart Lists will push users to share more info publicly ... supplying the perfect weapon for targeted attacks


    Smart List encourages people to complete their profile with job, education and work projects. Every time when someone wants to create a list with colleagues from a specific job, they will tag this in their profile. Of course, this is generally not confidential information, and the users have the final decision in approving the info.


    But having this information public and indexable will make it easier to create high level targeted attacks. High level attackers find out exactly who is working on a specific company, what job has she/he there and even more; on what particular project are they working. And we are talking about 800 million users.



2. Subscribers could increase the number of spambots, just like on Twitter

The main difference between Facebook and Twitter attacks is that Facebook has a lot of hijacked accounts while Twitter has a huge number of spambots. With the new subscribers feature, Facebook is open to Spambots and "how to get more subscribers" schemes. Cloning Twitter features may also mean mirroring Twitter scams.

3. Everything you ever shared on Facebook is now available and easy to browse.

The Timeline is a revolution of usability. But it's also the open story of our life. If a user doesn't change the default settings for who can see the wall, this story will be available to anyone: friends, photos, places where you've checked in, relations and much more. It was available until now, but not so easy to use.




4. Health is now social... and public

The Facebook timeline considers health information social. Now it’s very easy to share health-related information such as breaking a bone, undergoing surgery or overcoming an Illness. Probably most distressing fact here is that this kind of information is set to "Public" by default.







5. Widgets ... the open door to interactive scams

Facebook introduces the "widget" concept to the new timeline. It lets developers take action on various objects. This moves the interaction to a whole new level. Until now, everyone who had an application installed interacted with his friends inside the app. Now, the app is on the user wall, so anyone who interacts with the user profile interacts with the app.

Considering the short lifetime of spammy apps, this could boost the efficiency of a scammy app. Of course, this feature is just beginning, so probably it will take a while until the scammers exploit it. But every successful viral feature has been exploited by social media scammers.

Also, by adding this level of interaction, Facebook makes another important step in moving the smallest details of user’s life in the timeline.

 

With more and more information in the profile, the account hijacking problem has become increasingly important. Facebook is doing a lot in eliminating noise, but I see no important step in security. After the large number of problems related to Facebook Security, I was expecting an announcement regarding  session hijacking on unsecured connection, a notable security issue for many Facebook users today.
 

On Sep.26.2011 20:30

joanne kane said

I just paid for this and it wont recognize my email address . 55AIMFP
ref# 26130703 , John Kane . email should be joanner4k@yahoo.com.

On Sep.26.2011 20:34

John Kane said

I just bought this product - it wont recog my email joanner4k@yahoo.com
55AIMFP Ref #26130703

On Sep.29.2011 19:44

Marquisa said

Hopefully with all of the concern about privacy floating around the new changes users who have been lax with their privacy settings will actually take the time to adjust them.

I know I'm vigilant about checking my security settings & making sure I'm not sharing EVERYTHING with the world.

I'm not liking the way the whole widget/app thing sounds, though.

On Oct.10.2012 11:28

VIJAY AGARWAL said

sir my cellular phone is continuosly getting sms from the server of bitdefender i dont know how to de-link it.
i am very disturbed by the unwanted sms from your server please let me the process how to de-link it.
my cell no is- +919960137137

Daily "Did you know?"

On July 31, 2008, the Koobface computer worm started to target users of Facebook and MySpace; and new variants still constantly appear.

Authors

  • Bitdefender Security Specialists
    Bitdefender Labs
  • Catalin Cosoi
    Chief Security Researcher
  • Dan Lowe
    Dan Lowe, an OEM Senior Marketing Manager, has been working with Bitdefender for the last 3 ½ years. His familiarity with multiple security products from Firewalls to Antivirus has provided him a unique perspective on the security industry.
  • Ligia Adam
    Security Evangelist and Social Media Professional
  • Loredana Botezatu
    Loredana Botezatu – E-threat Analyst – Loredana has been writing about the IT world and e-security for well over five years. She has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

Categories

HOTforSecurity