Category: Facebook Security

I received an invitation from this girl(?) today. I declined.

Malware City just published a very interesting experiment. Creating a 20-year-old girl persona, they contacted and befriended 2,000 people.

The study focuses on how easily social network users make new virtual acquaintances by accepting friend requests sent out by perfect strangers, and on what kind of information they disclose to these recent friends.

Malware City doesn’t reveal which social network they used for the study, but they do say: “First, a social network was chosen. The choice was based on the fact that the network was large enough to make it possible for the ‘friends’ sample to meet the representativeness criterion.” Taking into consideration the size and the possibilities of communication, my guess is Facebook was used for the study.

Second, a test-profile was created in order to analyze a so-called “friendship rate” as a function of sex, age and interests. This test-profile was that of a fair-haired woman, aged 21, acting as a very, very naïve interlocutor.

In my opinion it’s a very interesting study. I am quoting one of the most striking results here:

“…after a 2 hour conversation, 73% revealed what appears to be confidential information from their work place, such as future strategies, plans, and unreleased technologies/software.”

Read about the study at Malware City

Click-jacking on Facebook

Several hundred thousand Facebook users are said to have fallen victim to a click-jacking attack by inadvertently clicking on a hidden “Like” button on a specially crafted page.

Once the button was clicked, a message (for example “User Noob likes LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.”) was posted to the user’s news feed, which is visible to other users. Other users clicking on the news feed link in Facebook also landed on the click-jacking page – Sophos compares the way the link spreads to that of a worm and has, therefore, called the attack a click-jacking worm. A similar attack was launched on Twitter in early 2009.

Source: Sophos
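
Click-jacking in general depends on the target's control being rendered inside a frame on someone else's page, and a site can tell browsers not to allow that with the X-Frame-Options header or the CSP frame-ancestors directive. The following is an added example, not code from Sophos or from this post, that audits a set of response headers for those protections; the function names auditFraming and frameAncestors and the sample headers in the tests are assumptions made for illustration.

```javascript
// Added example: classify a response's anti-framing protection.
// Function names are hypothetical; inputs are plain {header: value} objects.

function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function auditFraming(rawHeaders) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v);

  const findings = [];
  let verdict = 'frameable';

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') verdict = 'protected';
  else if (xfo.startsWith('ALLOW-FROM')) findings.push('ALLOW-FROM is obsolete and ignored by current browsers');
  else if (xfo) findings.push(`unrecognised X-Frame-Options value: ${xfo}`);

  const csp = h['content-security-policy'];
  const fa = csp ? frameAncestors(csp) : null;
  if (fa) {
    // Where frame-ancestors is present, browsers enforce it instead of X-Frame-Options.
    if (fa.some((s) => s === '*' || s === 'http:' || s === 'https:')) {
      verdict = 'frameable';
      findings.push('frame-ancestors allows any origin');
    } else {
      verdict = 'protected'; // 'none', 'self' or an explicit allow-list
    }
  }

  const reportOnly = h['content-security-policy-report-only'];
  if (reportOnly && frameAncestors(reportOnly)) {
    findings.push('frame-ancestors in a Report-Only policy is not enforced');
  }
  if (verdict === 'frameable' && findings.length === 0) {
    findings.push('no anti-framing header present');
  }
  return { verdict, findings };
}
```

A control that is meant to be embedded on third-party pages cannot simply refuse framing, so these headers protect a site's own pages rather than an embeddable widget.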

A survey by security services provider Sophos has found that 60 percent of respondents are considering quitting Facebook over privacy concerns.

Sophos findings suggest that almost two thirds of Facebook users are considering leaving, with 16% of those polled claiming to have already stopped using Facebook as a result of inadequate control over their data.

These results come amidst growing criticism that Facebook is facing over changes to the way that the social network can share user data across its site and with other websites. Concerns have centred on the complexity and ‘opt-out’ approach to sharing member information with wider networks. Media reports suggest that Facebook is planning to announce changes to its privacy settings within the next few days, but it is unclear as to whether any changes will be substantial enough to address user concerns.

Source: Sophos


PC World – A malicious advertisement has been found within an application for Facebook that redirects users to fake antivirus software, according to a security researcher.

The banner advertisement for greeting cards is intermittently displayed with an application called Farm Town, which has more than 9 million monthly users according to information published on Facebook.

If the bad Shockwave Flash advertisement is displayed, the user is redirected from Facebook through several domains and ends up on a Web site selling fake antivirus software, said Sandi Hardmeier, who studies malicious advertisements and blogged about the issue. (See also “How to Remove Fake AV Software.”)

Source: Yahoo! News: Software News

Despite 78% agreeing that it is wrong, 1 in 4 of UK’s children have tried their hand at hacking into others’ Facebook accounts, mostly by surreptitiously using the victims’ passwords – that is the stark finding of a survey released today.

And it’s not just the boys – 47% admitting guilt are girls.

The study of 1,000 youngsters from London and 150 from Cumbria found that although 27% were doing so from the relatively safe confines of their bedrooms, these juvenile offenders are utilising computers in Internet Cafés (22%), the ICT suite at school (21%), and a friend’s machine (19%).

The most common reason was for fun (46%); however, 21% aimed to cause disruption and a resourceful 20% thought they could generate an income from the activity.

However, there are some things that can be done to protect our online activity:

Install security software: anti-virus, anti-spyware and a firewall
Never disclose passwords or respond to emails that ask us for this information

Vary your user name and passwords between sites. That way, if one account is compromised, you limit the risk of the others being breached.

Untick ‘remember me’ boxes for user name and passwords, especially for email accounts, online banking, social media websites etc. if your computer is used by other members of the household – and therefore possibly their friends

Be careful what you talk about in chat rooms; you never know who you’re talking to or who’s listening in. Someone with an ulterior motive could be gathering information over many months that individually tells them nothing but, pieced together, provides a complete picture.

Periodically change your username and password, and do so immediately if you suspect someone may know it.

Protect yourself against eavesdroppers and freeloaders by using encryption on your wireless network
Use a password manager such as Password Safe by Bruce Schneier

Source: Security Watch – Internet Security News: IT security, Business security, Computer security, Network security, and more