[Show all top banners]

Captain Haddock
Replies to this thread:

More by Captain Haddock
What people are reading
Subscribers
:: Subscribe
Back to: Kurakani General Refresh page to view new replies
 Facebook applications and identity theft?
[VIEWED 1848 TIMES]
SAVE! for ease of future access.
Posted on 05-01-08 1:49 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

http://news.bbc.co.uk/2/hi/technology/7376738.stm

Cant get enough of applications on Facebook? Looks like some of them can potentially screw you up. While face book seems to be aware of such activities, I am not sure they can control it completely. Not sure if this has already cycled through Kurakani but thought it might be of interest to some of you.

 
Posted on 05-01-08 1:52 PM     Reply [Subscribe]
Login in to Rate this Post:     0       ?    
 

I was here for the same news!
You beat me up!

Looks like facebook applications can really be dangerous!

From BBC:

Identity 'at risk' on Facebook
By Spencer Kelly
Presenter, BBC Click

Facebook logo reflected in an eye
Facebook has millions of users throughout the world

Personal details of Facebook users could potentially be stolen, the BBC technology programme Click has found.

The popular social networking site allows users to add a variety of applications to their profile.

But a malicious program, masquerading as a harmless application, could potentially harvest personal data.

Facebook says users should exercise caution when adding applications. Any programs which violate their terms will be removed, the network said.

Stealing details

Facebook is the darling of the moment, allowing friends to stay in touch, post photos, and share fun little games and quizzes. And it also lets you keep your details private from the rest of the world. Or at least that is the implication.

How the BBC exposed Facebook security flaw
We have discovered a way to steal the personal details of you and all your Facebook friends without you knowing.

We made up the fictitious profile of Bob Smith. He keeps most of his details on his profile private from non-friends.

While we could not get all details, what we did get, included his name, hometown, school, interests and photograph, would certainly help us to steal someone's identity.

Mining data

So how did we do it?

Click's resident coder, Pete
Thousands of applications are available to Facebook users

Using a couple of laptops and our resident coder Pete, we created a special application for Facebookers to add.

One of the reasons Facebook has become so popular so quickly is because of the wealth of applications users can add to their profile pages.

Little games, quizzes, IQ tests, there are thousands of them available. And once you have added an application, your friends are encouraged to add it too.

Anyone with a basic understanding of web programming can write an application.

   
SECURITY ADVICE
Click's advice for worried Facebook users

We wrote an evil data mining application called Miner, which, if we wanted, could masquerade as a game, a test, or a joke of the day. It took us less than three hours.

But whatever it looks like, in the background, it is collecting personal details, and those of the users' friends, and e-mailing them out of Facebook, to our inbox.

When you add an application, unless you say otherwise, it is given access to most of the information in your profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people's security?

Security

Now, many applications do need access to your details, in order to work properly.

We do not know of any specific application which abuses user information, apart from ours.

But the ease with we created our application has many people worried. If it is being used you would not even have to use the application we created to become a victim, you would just have to be a friend of someone who has.

   
Morally, Facebook has acted naively
Paul Docherty, Technical Director of Portcullis Security

Because these applications run on third-party servers, not run by Facebook - it is difficult for the company to check what is going on, whether anything has changed, and how long applications store data for and what they do with it.

Although Facebook's terms and conditions contain a warning that this could in theory happen, and offer the option to stop an application from accessing your details, many games and quizzes would not work if this option is engaged.

In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future.

So has Facebook done enough to protect its users from identity theft?

Paul Docherty is the Technical Director of Portcullis Security, which advises several governments on IT security matters including British government.

He told us he believed that Facebook's terms and conditions stated on the site meant that Facebook had legally covered itself from any liability.

But he added: "Morally, Facebook has acted naively."

He said: "Facebook needs to change its default settings and tighten up security."

He also believes it would be difficult to secure the current system because so many third party applications are now in circulation.

Removal team

We put these concerns to Facebook.

It told us that it has an entire investigations team watching the site, and removing applications that violate its terms of use which would include our Miner application.

   
FACEBOOK Q&A
Read Facebook's full response
It also advises users to use the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop.

Now, all this comes in the month that competitor MySpace opened up its application platform. However, it handles them differently - here all applications run on its own servers so it can see what they are up to.

MySpace also manually checks all submissions and rechecks them if authors wish to change the code. We were unable to create a similar threat to users' security using the MySpace system.

It certainly seems that Facebook's standard security settings are not sufficient to protect your personal information, and those of your friends.

 


Please Log in! to be able to reply! If you don't have a login, please register here.

YOU CAN ALSO



IN ORDER TO POST!




Within last 365 days
Recommended Popular Threads Controvertial Threads
शीर्षक जे पनि हुन सक्छ।
NRN card pros and cons?
TPS Re-registration case still pending ..
What are your first memories of when Nepal Television Began?
Anybody gotten the TPS EAD extension alert notice (i797) thing? online or via post?
TPS Re-registration
Democrats are so sure Trump will win
Basnet or Basnyat ??
TPS EAD auto extended to June 2025 or just TPS?
nrn citizenship
Toilet paper or water?
Sajha has turned into MAGATs nest
Nas and The Bokas: Coming to a Night Club near you
ढ्याउ गर्दा दसैँको खसी गनाउच
Mamta kafle bhatt is still missing
ChatSansar.com Naya Nepal Chat
whats wrong living with your parents ?
डीभी परेन भने खुसि हुनु होस् ! अमेरिकामाधेरै का श्रीमती अर्कैसँग पोइला गएका छन् !
3 most corrupt politicians in the world
अमेरिकामा बस्ने प्राय जस्तो नेपालीहरु सबै मध्यम बर्गीय अथवा माथि (higher than middle class)
Nas and The Bokas: Coming to a Night Club near you
TPS Update : Jajarkot earthquake
NOTE: The opinions here represent the opinions of the individual posters, and not of Sajha.com. It is not possible for sajha.com to monitor all the postings, since sajha.com merely seeks to provide a cyber location for discussing ideas and concerns related to Nepal and the Nepalis. Please send an email to admin@sajha.com using a valid email address if you want any posting to be considered for deletion. Your request will be handled on a one to one basis. Sajha.com is a service please don't abuse it. - Thanks.

Sajha.com Privacy Policy

Like us in Facebook!

↑ Back to Top
free counters