Posts tagged as:

facebook security

In their latest innovative attempt to generate income from unsuspecting Facebook users, scammers have started using Facebook events, and millions of Facebook users are being invited to the bogus events.


According to Graham Cluley, senior technology consultant at IT security firm Sophos, an event called “Who blocked you from his friend list ?” has already tricked over 165,000 people into signing up, while more than 10 million users are left contemplating.

The “More info” section of the event’s summary contains instructions with links that lead curious Facebookers to web pages with online surveys and competitions that earn the scammers commissions behind the scenes.

So, apart from watching out for rogue apps, you can now add events to your vigilance list.

{ 2 comments }

As part of Data Privacy Day this Friday, Facebook announced two new security methods, which will be rolled out to all users over the coming weeks.

Starting Wednesday, Facebook is offering a more secure way to connect to its website, which aims to protect users from the widely publicized wireless networking attack using the Firesheep plugin.

[Image: HTTP connection]

Users will be able to connect to the site securely using an HTTPS connection, which ensures that data sent between your PC and Facebook is encrypted, preventing eavesdropping.

Users will need to enable the HTTPS connection option in the “Account security” section of the Account Settings page. The option is not available to all users at the moment, but will be rolled out to all users over the next few weeks.


An HTTPS connection is recommended for users who regularly connect to Facebook over insecure public networks. Facebook will be relatively using HTTPS connection than HTTP.

[Image: Traditional Captcha]

Social authentication is the other new security method. Every one of you must have come across Captchas – a set of mostly meaningless words that you must type into the provided text box to prove that you are in fact a human and not some nefarious bot.

Facebook has come up with their own version and users will be required to identify friends based on their profile pictures.

[Image: Facebook's Social Authentication]

This authentication method will kick in when Facebook suspects malicious activity on your account – for instance, “if you logged in from California in the morning and then from Australia a few hours later.”
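The trigger quoted above amounts to an impossible-travel check on consecutive logins. A minimal version of that logic, as an added example that is not Facebook's code; the 900 km/h speed limit, the 50 km minimum distance and the login records are assumptions constructed for illustration:

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 50.0     # assumed: ignore small hops caused by geolocation jitter

@dataclass
class Login:
    user: str
    when: datetime
    lat: float
    lon: float
    place: str

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def suspicious_logins(logins, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (previous, current, implied km/h) for each physically implausible hop."""
    flagged, last_seen = [], {}
    for cur in sorted(logins, key=lambda l: l.when):
        prev = last_seen.get(cur.user)
        last_seen[cur.user] = cur
        if prev is None:
            continue
        km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
        hours = (cur.when - prev.when).total_seconds() / 3600
        # Two distant logins at the same instant are implausible too; avoid dividing by zero.
        speed = km / hours if hours > 0 else float("inf")
        if km > MIN_DISTANCE_KM and speed > max_kmh:
            flagged.append((prev, cur, speed))
    return flagged

# Constructed sample data, not real login records.
SAMPLE = [
    Login("alice", datetime(2011, 1, 26, 8, 0), 37.77, -122.42, "San Francisco, California"),
    Login("alice", datetime(2011, 1, 26, 11, 0), -33.87, 151.21, "Sydney, Australia"),
    Login("bob", datetime(2011, 1, 26, 8, 0), 37.77, -122.42, "San Francisco, California"),
    Login("bob", datetime(2011, 1, 27, 9, 0), -33.87, 151.21, "Sydney, Australia"),
    Login("carol", datetime(2011, 1, 26, 9, 0), 34.05, -118.24, "Los Angeles, California"),
    Login("carol", datetime(2011, 1, 26, 9, 5), 34.10, -118.30, "Los Angeles, California"),
]

for prev, cur, speed in suspicious_logins(SAMPLE):
    print(f"{cur.user}: {prev.place} -> {cur.place} implies {speed:.0f} km/h")
```

Only the three-hour California to Australia hop is flagged; the same route a day apart and the short hop within one city pass.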

{ 1 comment }

This post is not very related to Facebook, but I believe it is worth sharing. In our last post, we shared the dangers of Firesheep, a Firefox extension, and as I shared, a lot of people have already downloaded it and are trying it out, whether to check that it is true, with an intention to hack, or just for fun.

If SSL encryption were used for all communication, the problem would be solved, but this has to be supported on the server side, and that is not happening very fast. However, you can take the initiative and use an extension that forces a secure connection to the sites you always use, such as Facebook, Twitter and Google, to counter extensions like Firesheep.

HTTPS Everywhere is one such extension that forces a secure connection. You can get it here. Install it, restart Firefox, and you are done.

The extension will force the use of HTTPS for connecting to popular sites like Facebook, Twitter, NY Times, Washington Post, WordPress, Google, and many others. You can also add more sites by writing your own redirection rules, which are easy to write.
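To show what such a redirection rule looks like and where it stops protecting you, here is an added example (not code from HTTPS Everywhere or from this post) that loads a ruleset in the extension's XML format and reports which URLs would still travel in cleartext. The ruleset, the example.com hosts and the function names are constructed for illustration, and target matching is simplified to exact host names:

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed ruleset in the HTTPS Everywhere XML format; example.com is a placeholder.
RULESET_XML = r"""
<ruleset name="Example (constructed)">
  <target host="example.com" />
  <target host="www.example.com" />
  <exclusion pattern="^http://www\.example\.com/legacy/" />
  <rule from="^http://(www\.)?example\.com/" to="https://www.example.com/" />
</ruleset>
"""

def load_ruleset(xml_text):
    """Parse a ruleset. Simplified model: exact-host targets only, no wildcards."""
    root = ET.fromstring(xml_text)
    targets = {t.get("host").lower() for t in root.findall("target")}
    exclusions = [re.compile(e.get("pattern")) for e in root.findall("exclusion")]
    # Rules use JavaScript-style $1 back-references; convert them to \1 for Python.
    rules = [(re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\\1", r.get("to")))
             for r in root.findall("rule")]
    return targets, exclusions, rules

def rewrite(url, ruleset):
    """Return the URL that would be loaded, or the input unchanged if no rule applies."""
    targets, exclusions, rules = ruleset
    host = (urlsplit(url).hostname or "").lower()
    if host not in targets or any(x.search(url) for x in exclusions):
        return url
    for pattern, to in rules:
        new_url, hits = pattern.subn(to, url, count=1)
        if hits:
            return new_url
    return url

def still_cleartext(urls, ruleset):
    """URLs left on http:// after rewriting, where a session cookie stays sniffable."""
    return [u for u in urls if rewrite(u, ruleset).startswith("http://")]

# Constructed URLs: two covered by the rule, one excluded, one on an unlisted host.
URLS = ["http://example.com/login", "http://www.example.com/home?x=1",
        "http://www.example.com/legacy/app", "http://static.example.com/img.png"]

print(still_cleartext(URLS, load_ruleset(RULESET_XML)))
```

The excluded path and the unlisted subdomain stay on HTTP, which is why a rule set has to cover every host a site uses before it protects the session.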


Another Firefox extension called Force-TLS also forces sites to use secure connections and makes it impossible for the Firesheep extension to get hold of your cookies. You can get the extension here.

Here is how to use it.

1. Install the plugin/extension.

2. Go to “Tools” on your Firefox browser and click on “ForceTLS Configuration.”


3. Enter the addresses of the websites for which you want the extension to force a secure connection.


Both extensions work well, except on Amazon (only partial). Once installed, HTTPS Everywhere protects your information on most of the popular sites, while Force-TLS relies on the sites you define. However, it is easier to define new sites for secure connection through Force-TLS.

Note: The extensions given above are for the Firefox browser only.

To know whether a secure connection is being used, just look at the address bar of your browser. For example, connecting to Facebook without SSL encryption will appear like the image below,

[Image: address bar when connecting to Facebook without SSL encryption]

while connecting to Facebook after forcing encryption will appear like the one below.

[Image: address bar when connecting to Facebook after forcing encryption]

Note the extra ‘s’ after http at the beginning of the address. Hope this little post helps.

{ 0 comments }

BitDefender, one of the top-rated security solution companies, has launched a Facebook application to keep your Facebook account secure from viruses, worms and other types of risks that are spread mainly through shared links on Facebook. The application, called SafeGo, is currently in free public beta.

The app displays your account’s privacy meter and recent activities, infected items, and other statistics.

On clicking the “Scan Now” button, the app will scan and report infectious items within your account. The bad thing is that the app cannot flag dangerous items when you are browsing others’ profiles, which is not possible to incorporate within an app using the Facebook API on which apps are built.

The app also features a section for “Latest Threats,” which is currently not working, but will most probably feature threats found by the app on other Facebook users.

[Image: SafeGo interface]

I tried the app as I found it pretty alluring to know how my account is doing in terms of security, sadly the results turned up “Squeaky Clean. Check back soon!” But it was fun waiting for the result. The app also features a 5-question quiz called “Who is your evil twin” that displays your evil alter ego – worm, keylogger, virus, trojan or so on.

The good thing about this app is that you can learn about potentially infected links posted by friends on your news feed and delete them, as well as warn your friends about them.

The bad thing is that the app accesses too much of your account’s information. Before installing the app, it will ask your permission for the following:

[Image: SafeGo permission request]

If you don’t feel threatened by the amount of information the app is going to access, you can check it out.

So, we finally have some security help on Facebook to take care of potential threats from shared links and to know your true self (evil net ego :) ). It is also worth mentioning that Norton has a similar product for Facebook called Norton SafeWeb, which is installed as part of Norton AntiVirus 2011 and Norton Internet Security 2011. It can also be downloaded separately for free.

(Check out SafeGo Application)

{ 0 comments }

Facebook has come under criticism once again from users because the leading social network is believed to be keeping deleted photos for more than 30 months.

According to the Sydney Morning Herald, the company admits to keeping photos for some amount of time after they are deleted. However, many users say that they are still able to access the photos via direct link even years after deletion.

In one report, a user said that photos deleted 2.5 years earlier were still accessible. Another said a photo from April 2009 was still accessible after it was deleted.

At the RSA Conference in London, Bruce Schneier slammed Facebook, saying social networking companies were deliberately killing privacy for commercial gain.

The problem is reportedly due to the CDN (content delivery network or content distribution network), which stores multiple copies of content on servers around the globe. The company said it is working on the issue.

So, if you think that your photos are gone once you delete them, then you are wrong. If you think that you are no longer associated with Facebook once you permanently delete your account, you are wrong again. We are in for a long-term contract with Facebook without even realizing it.

{ 0 comments }

As a Facebook user, you must have come across your fair share of scams and rogue applications. The bad news is that you will be seeing more of them in the days to come. The good news is that there will always be someone or other on the Internet warning you about these scams and rogue apps.

Facebook users have just recently seen off a rogue app in the name of free iPhones. The latest misleading app spreading rapidly on Facebook is a rogue app that posts messages about texting on the victim’s wall. The rogue app showed up over the weekend with spam messages that read “OMG! Im never going to send another text message again after seeing this! <LINK>”

Clicking on the link redirects the user to an app where users are lured into granting the rogue app, called ._., permission to access their info and post on their wall. This app has apparently stopped, but a new variation has since taken off. The new version comes with a message reading “OMG! Im not txtin again now that I have seen this! <LINK>”

The app works similarly to the previous app, but this time the name of the rogue app is O_o.

Upon granting permission to the rogue app, users will be redirected to an article about the health effects of texting published in the Sydney Morning Herald back in September 2008. The rogue app will have access to your profile info, can email you, and will start posting status messages with the above-mentioned message on your wall.

As usual, a senior technology consultant at security vendor Sophos warns about the rogue app in his blog.

If you have already fallen prey to this app, remove the offending app from the application settings. Don’t forget to remove all references to the app from your wall too.

{ 0 comments }

The free iPhone scam has hit Facebook once again and is said to have been in circulation since Sunday.

According to security firm Sophos, a number of social networkers have reported their statuses being updated automatically with messages that read:

“Just testing Facebook for iPhone out :P Received my free iPhone today, so happy lol… If anyone else wants one go here:”

Or:

“Anyone want my old phone? Claimed my free iPhone today, so hapy lol… If anyone else wants one go here:”

Users who click on the advertised link will be asked whether they want to “Allow” the application to access their basic information. On giving their permission, users will be redirected to a web page that earns some commission for the spammers behind the scam.

[Image (Source: Sophos)]

The rogue application, which now has access to the user’s profile, will automatically post similar status updates on their wall, waiting for the next prey to click the link.

“If you’ve fallen for this trick, I wouldn’t hold your breath waiting for a new iPhone,” said Graham Cluley, senior technology consultant at Sophos.

Seriously, you should be busy removing any references to the link from your wall and also revoking the permission given to the rogue app :) . If you need help removing these rogue applications, you can check out this how-to article.

{ 0 comments }

Security researchers at Sophos warn of a new clickjacking spam spreading on Facebook.

The latest Facebook spam lures victims with a video of “Cheerleaders gone wild.” Victims’ accounts were posting messages that read “Cheerleaders gone wild – have to see this” with a photo of a cheerleader carrying pom poms.

Clicking on the link brings up a legitimate-looking adult content warning prompt, asking you to confirm that you are 18 years old or older to proceed.

[Image (Credit: Sophos)]

Proceeding brings up a new dialog that asks users to click three buttons numbered 1, 2 and 3 in a specific order, which according to the spammers is to tell bots from humans.

According to Graham Cluley, clicking the three numbers actually clickjacks users into ‘liking’ three things.

  • ‘Cheerleaders gone wild’ video, which will get communicated to your friends and family through the news feed.
  • ‘Funniest Video On the Web’ Page.
  • ‘Free ringtones every day’ Page.

So, it’s time to avoid cheerleader videos on Facebook until this new spam gets erased. Oh, btw, the video that one gets to see after all the trouble can be watched directly on YouTube, and it contains nothing but a bunch of cheerleaders doing their thing :)

If you have already watched the video, congrats! Just don’t forget to check your list of ‘liked’ pages and remove the said pages. Also, remove any links to the video from your wall and news feed, and save your friends from going through all the trouble and getting clickjacked.

{ 0 comments }

Some of the latest spam messages that posted themselves on the walls of Facebook users were reportedly due to a bug on Facebook.

Sean Sullivan, an F-Secure security researcher, said that some clever spammer discovered a Facebook vulnerability that allows auto-replicating links.

Facebook said Tuesday that it has fixed the bug and cleaned up users’ walls.

“Earlier this week, we discovered a bug that made it possible for an application to bypass our normal CSRF [cross-site request forgery] protections through a complicated series of steps,” said a company spokesman in a statement. “We … fixed it within hours of discovering it. For a short period of time before it was fixed, several applications that violated our policies were able to post content to people’s profiles if those people first clicked on a link to the application.”

The survey scam offering Best Buy and Walmart gift cards is the latest scam to spam users’ walls on Facebook. Last week, Facebook users were spammed with free iPhones, which came close on the heels of another spam offering free iPads to users on Twitter and Facebook.

{ 0 comments }