Thursday, 17 March 2011

Facebook Security Issues

Facebook is a very popular social networking site, but there are a number of security issues with the site that can put you at serious risk if you aren't careful. The number of Facebook account hackings seems to be on the increase (at least I've been getting more bogus messages recently), and this page is in response to a friend who asked what to do after her account got hacked.

While any online account is in danger of being hacked, Facebook has unique features that make this danger even more likely. For one thing, it is very common to post personal information which can be used to steal your identity. But the significant danger is that it is so easy to run malicious programs that can hack your account. In particular, be very careful using any application that asks to access your profile.
Keep in mind that if your account is compromised, not only is your personal information exposed, but the personal information of all your friends as well. So, even if you don't have anything sensitive in your profile information, your friends might. Every time you take one of those quizzes on facebook, you are risking your information and that of your friends.

Facebook Dangers

Personal Information
Facebook has some additional features that make it easier to expose your information. For one thing, you are more likely to include personal information on the web site. Be very careful because this can be used for identity theft. You can also help burglars know when you are going to be away from home for long periods of time ("I'm leaving tomorrow to XXXX for a whole three weeks!"). Unconfirmed rumors abound about people having their place broken into after they mentioned on Facebook that they were going away for a long weekend.
Depending on how much information you put into your profiles, you might be at risk for identity theft. All that is needed to identify a person is their birthday, their sex, and their zip code. If you have your birthday, address, and phone number, you are making it easy for somebody to steal your identity. With that information, people can search various on-line databases to uniquely identify a person. Since most people on facebook use their actual names, that makes identity theft even easier. Don't display your birth year. Just put the city name instead of your actual address; if you live near a large city, then enter that name instead of your actual town. And be careful what you post on your wall. I've seen people put their actual address, their cell phone number, when they were going to be away, etc. on their wall, which is very dangerous.

Friends List
Some people accept any friend request they get, whether they know the person or not. This is a serious problem, since whoever you accept will be able to see all your personal information. They can also see personal information about your friends. So, even if you only accept friends from people you know, if you have a friend that accepts anybody's request, your personal information might be exposed. Make sure your personal settings are restricted to "friends only", not "friends of friends."
Debt collectors have been known to find people who are behind in their debts, send them a friend request, and then start to bother them. If they can't connect to the person of interest, they try to friend their friends. In one case, they friended the person's mother and told her that failure to pay might end up in jail time. A few clever collectors have their profile picture set to a cute young woman in order to get men to accept their requests.

Most employers will search Facebook, MySpace, etc. to find out more about people applying for a job. So having those embarrassing pictures open to the public might prevent you from landing your next job. Do you want your future employer reading your smart aleck comments on your wall?
You can create several different friends lists, and then assign different permissions to each list. This will allow you to accept a friend request and still restrict what they can see. With this arrangement, your close friends can see everything you have on Facebook, but your business or casual friends will only see some basic information. You can read more about managing friends lists.

Another serious danger on Facebook is the applications. Any application that asks to access your profile information puts your information at risk. What's worse, if any of your friends use those applications, they also put your information at risk, even if you never run an application. Supposedly, these applications only use this feature to put the results and some cute picture on your home page, or help you remember events, birthdays, etc. However, Facebook doesn't bother to check any of these applications. There is no rating system, so you have no idea if the application is safe or malicious.

The ACLU has highlighted these dangers recently by creating their own quiz, which displays all the information that is available to the quiz. It is important to realize that quizzes aren't created by Facebook, but by Facebook users - any Facebook user can create a quiz. Why would you trust an anonymous programmer that you know nothing about with not only your own personal information, but information about all your friends? When you run a quiz, you give the application permission to access anything in your profile, including your friends' profiles. A quiz can do anything you can do on Facebook; actually, even more. And no virus or malware scan will even see any of this, let alone prevent it.

It is important to realize that applications aren't affected by what browser you run or what anti-virus or anti-malware software you run. The damage isn't done on your machine, it is done on the facebook servers. As soon as you run an application, you have given it permission to do anything it wants to any and all of your information, and any information you can see about your friends. And remember, the people who write applications aren't hired by facebook, they are anyone who wants to write an application.

What kind of problems can applications raise?
Photo of the Day
There was one application called Photo of the Day that actually sent your personal information to the author. This was built as part of a research project, and became quite popular, without people knowing that their information was being compromised.
The Danger of Facebook Quizzes
Many people seem to enjoy taking lots of quizzes on Facebook. There are several problems with quizzes:
Accuracy - does anyone actually believe those quizzes?
Exposure - the authors have access to all your answers and your personal information
Control - you are giving the application permission to do things in your name
For example, the article The Danger of Facebook Quizzes gives examples of how quizzes have been used to sell personal information to drug and marketing companies, based on your answers. So if you mention you have trouble sleeping, you might start getting e-mail, junk mail, or even phone calls trying to sell you sleep products.
One quiz asked the names of your pets, kids, spouse, etc. These are what many people use for their passwords. Even if you don't use them for passwords, the information you provide might be used by a malicious person to construct a message using social engineering that looks genuine, but isn't. For example, someone could send something to your friend and mention your brother John, or your dog Fluffy, which can cause your friend to think they are talking to one of your friends.

Facebook Fan Check (or Stalker Check)
There are rumors going around that the Fan Check (which used to be known as stalkercheck) is a virus.

REMINDER: Any application that asks permission to access your profile puts your facebook account at risk (and the facebook accounts of all your friends as well.)
However, what is going on might be something different. It might be a fake virus alert to trick you into infecting your computer.

Here is how these kinds of things work:
Somebody starts a rumor that something is actually a virus.
They include a link to some site that supposedly "fixes" the virus.
The link actually contains malware that will infect your computer.
At this point, there is no proof that Fan Check / stalker check is a virus.
Remember, be *very careful* before installing anything on your computer. This shows how people can be tricked into downloading something to "fix" a problem they think they have, when they are actually infecting their computer with malware.
Any time something asks permission to access your profile, we recommend you say "no". Granted, you won't be able to take the lame quizzes, or stick silly pictures on your page, but at the same time, you are less likely to have your identity stolen or your account hacked. The choice is yours.
