Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Topics:
SophosLabs Insights
Private Facebook Info Exposed By Simple Hack
Facebook's security has been called into question after the creators of a new blog discovered a hack that can expose private profile information of any user. The creators of a new blog called FBHive showed how they could see everything listed in a Facebook user's "Basic Information" panel, regardless of the privacy settings they had chosen. Using the security hole, they were able to view personal information about Facebook CEO Mark Zuckerberg, Digg founder Kevin Rose, and popular blogger Cory Doctorow. Of course, personal data, such as your date of birth, can be valuable information for identity thieves. The folks at FBHive went public with proof that they had exploited the security flaw by posting screenshots of the Internet celebrities' details, seemingly frustrated that after waiting more than two weeks, Facebook had still not patched the flaw. These screenshots have now been (quite rightly) obfuscated to protect the identities of the peopleconcerned, and Facebook has now fixed the vulnerability. FBHive published a short video demonstrating how they were able to exploit the flaw to examine a user's profile. It's great that Facebook has now fixed this flaw, but disturbing that the vulnerability existed in the first place -- millions of Facebook users potentially could have been in danger of having information snatched that they believed was secure. Of course, this isn't the first time Facebook has found itself in the spotlight for not properly securing its users' information. Just last month, a security loophole was found that could have allowed identity thieves and spammers to gather users' personal email addresses. And last year I stumbled across a security hole in the social networking site (demonstrated in the video below) that exposed every member's full date of birth, regardless of their security settings.
Maybe people need to learn that if they really want to be secure on social networks, they shouldn't rely on the Website keeping their date safe and sound -- that maybe it's better not to upload any personal information in the first place. After all, do you really need to tell Facebook your real date of birth? Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos website you can find him on Twitter at @gcluley. Special to Dark Reading. « Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks | Main | Forewarned Is Forearmed, Right? » |
| Sign up now for the weekly InformationWeek Blog Newsletter. |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Related Content |
Sponsored by: |
Sophos Security Threat Report: 2010
How To Protect Your Critical Information Easily
