Friday, January 21, 2011

The State of Facebook Security

There's an in-depth piece published today by John Leyden, The Register's security correspondent, describing the different opinions of Facebook and Sophos when it comes to security on the world's most popular social network.
In a nutshell, Facebook disputes the findings of our recent Security Threat Report which discovered an increasing proportion of Facebook users were reporting that they had encountered spam, malware and phishing attacks on the social network.
One thing is certain, and is unlikely to be news that's welcomed at Facebook HQ. There is a growing perception out there that Facebook isn't the safest of places to be.
Take for instance, the poll we ran recently of over 1200 computer users. We asked them which social network they felt posed the biggest security risk, and Facebook won by a country mile with 82%.

That's a significant rise from the 60% who felt Facebook was the riskiest when we first asked the question a year ago.
Whether you agree with us or Facebook about whether cybercriminals are exploiting the network more than ever before, The Register's article is recommended reading.
In particular, pay attention to the second part of The Register's article, where I am reported describing some of the steps that Facebook could take to make it much harder for rogue applications to cause problems for their users.
I also believe that Facebook should be more proactive about warning its users about outbreaks - rather like we do on the Sophos Facebook page.


Facebook's official security page has over 3.6 million fans - just imagine how well they could help stamp out a fast-spreading scam or new malware attack if they were told what to look out for.
Because rogue apps are a real problem on the site - spreading virally, and earning the bad guys money.
I know that the guys at Facebook Security are well-intentioned and understand the issues, but because the company's bosses have chosen to allow anyone to write apps for the Facebook platform there is a huge amount of abuse. Facebook Security is effectively playing whack-a-mole, hammering the latest rogue app whenever they happen to spot it, and hoping that not too many accounts were compromised in the meantime.
Unfortunately, quite often Facebook Security don't seem to spot the scams until they have spread far and wide.
As The Register reports:
Facebook may talk a good game but a quick search (viewable only if logged into Facebook and safe providing you don't click on the links) shows hundreds of victims have installed a rogue app that falsely promises the ability to "see who has viewed your profile".

Please be careful not to click on those search result links, as they are pointing to rogue apps like the ones we have described in many of our articles before... and they've been spreading quite happily all week long.
My hope is that Facebook will treat both security and privacy as a higher priority in 2011, and do more to prevent incidents happening in the first place rather than trying to clean up the mess afterwards.
If they don't, then there's an ever-growing proportion of the internet which is going to have to learn to take a much greater level of care when it comes to their personal information and social networking accounts in the future.
And as more and more companies allow their users to access the sites from the workplace (which is the correct approach in my opinion) the repercussions could also be felt in the business world.
Check out The Register's article now.

No comments: