I swear I am not on an anti-Facebook crusade, but the endless drip, drip, drip  of security issues is astounding. So is Facebook just worse than the rest when it comes to security? I think not.  It’s just that they are the most popular and receive the most attention. In other words, ALL social networking sites have these issues.

“Last night during Facebook’s regular code push, a bug caused hidden email addresses to be visible briefly,” said a Facebook spokesman yesterday.

This new calamity lasted for 30 minutes.

Read more: http://www.v3.co.uk/v3/news/2260541/facebook-bug-discloses-private

Facebook users are expressing strong disapproval of proposed privacy changes will let the site share some user information with third-party Web sites and applications. Have you added your voice? These social networking sites have a captive audience which many businesses will pay a pretty penny to have access to and get information about.

When Google decided to unilaterally opt Gmail users into Buzz and share your contact information, it received bad press and an FTC filing. I can only hope the same and more happens here.

Under Facebook’s current rules you’re asked first if you want to share information (your name, photos and friends list) with third-party sites. The proposed policy, which Facebook hasn’t implemented yet, would bypass asking you for approval when visiting some sites and applications Facebook has business relationships with, sharing limited personal information automatically.

Tell Facebook how you feel about it here: http://blog.facebook.com/blog.php?post=376904492130

Alas, another day, another Facebook security alert.

As soon as you install this malware, it will tag every single one of your friends in a photo in batches of about 20. It then posts that photo to your wall.

This is what the photo looks like:

If a Friend looking through the photos then clicks on the app’s  link, they’ll see this:

If you have a lot of friends, you might end up with a series of albums like this:

Apart from the wall spamming, another obvious indication that this is a virus itself, is the url:

http://apps.facebook.com/kxetyegpgkxdwfy/

A valid application is not going to have a url with a bunch of jumbled letters at the end.

If you have been tagged in  the photo by one of your friends (remember, they did not really do this – the app did automatically), you can remove the tag.

1. Open your photos
2. Click the offending picture
3. Look for your name in the list of people tagged
4. Click the ‘Remove Tag’ link that appears beside your name

The photo will then automatically be removed from your photo list.

Source:

http://www.f-secure.com/weblog/archives/00001920.html

http://thefacebookinsider.com/2010/03/warning-facebook-antivirus-will-virally-spam-your-friends/

“I think the social networking sites are good to have,” she said. “You just have to be smart about it. Because just because you’re trustworthy and a nice person does not mean everyone on your Facebook is. So you can’t put your address — my address wasn’t even listed — or your phone number or that you’re home alone or going out of town.”

That’s a quote from a woman whose house was robbed by a Facebook “friend” after she updated her status indicating she was on her way to a concert. She appeared on the CBS Early Show this morning. The robber  had contacted her six month previously claiming to be long lost neighbor from 20 years ago. Fortunately for her, she had cameras installed at home and recorded  the culprit in the act.

I can’t stress enough the importance of limiting the information you put out there. With friends like these, ….

Source: CBS NEWS

Here’s an interesting story. Who didn’t see this coming?

“Police say a hacking investigation in Fairfax County, Virginia started with a Facebook pregnancy announcement. But, it turns out the woman is not expecting a baby.

According to police, someone hacked into her Facebook account and posted the fake status update. The victim, who is from Springfield, also claims someone accessed her Hotmail account and sent out nasty emails.

All of the victim’s classes at Northern Virginia Community College were canceled by the hacker.

Police are investigating the Facebook and Hotmail hacking claims, but so far no charges have been filed.”

Source: http://www.myfoxdc.com/dpp/news/local/woman-says-facebook-account-was-hacked

Is this a divorce or separation?  I chronicled Google’s dysfunctional marriage to China last month. This week Google shut down its search service on the Chinese mainland last night after a two-month standoff with Beijing over censorship and the much talked about hacking incident.

Google.cn now redirects visitors to google.com.hk – where they are greeted by a message reading: “Welcome to Google search in China’s new home.”

The move allowed Google to stop self-censoring the service, although the government’s filtering system would still prevent mainland users from seeing the results of many “politically sensitive” searches.

German’s official cyber-security response team is advising surfers not to use Firefox pending the release of a patch to defend against a critical unpatched vulnerability. This is the second time in two months that Germany has taken such a step. Earlier in January, the German government issued a similar warning to IE users. I did a post about it titled Germany warn users against Internet Explorer.

The zero-day vulnerability in the latest full version 3.6 of Firefox was discovered by security researcher Evgeny Legerov last month.  Legerov controversially offered to sell exploit code he developed.  Mozilla acknowledged the security vulnerability on Thursday and promised the the next version of 3.6.2, due at the end of the month, would plug the hole.

I have to applaud the German government for taking such a proactive approach to online security of it’s citizens. I have to wonder what would be the response to such an approach my the US government here. As to the advice given, I’m of two minds really. Whereas home users are at liberty to switch browsers as often as their underpants, corporate users may not have that luxury. Whole scale software migrations in a corporate setting is no small undertaking. Ig it were, I doubt Google would have gotten hacked for using IE6.

Vulnerabilities in all browsers are discovered over time. Corporate users, does the musical browser approach really work even if it were possible? I think not. My advice: Test and Upgrade as soon as is feasible.

There have been numerous stories recently about the fact that the feds are trolling the social networking scene looking for…..whatever it is feds look for. I’m not sure why this is news or even unexpected. This is standard fare offline why should it be any different online where it is a lot easier to people to connect and share ideas good or bad. Is Facebook and Twitter sharing all my activities with the Man.? If so then they will have already sen this post before you did because my blog posts are automatically published on Facebook, Twitter, Myspace, Friendfeed, and a few more. Hey, I’m just trying to spread the word here. Are any of the folks you follow on Twitter under suspicion by the feds for…..whatever feds suspect folks of? How about your friends or fans on Facebook or some other networks? How would you know if they are? Man, this could get messy. But honestly, if they listen to your phone calls, why wouldn’t they track your online activity. I fully understand and appreciate the privacy concerns but I’m a realist. It’s happening, folks.  Don’t plan any federal crimes on Facebook!

Check out FBI Going Rogue on Facebook on DarkReading.com

I”ve previously warned of fake security software or scareware. Here’s a second helping. Beware of the following:

XP Security Tool 2010 is a rogue virus protection program. It reports false scan results and fake security alerts to scare you into purchasing this rogue program. XPSecurityTool2010 claims that your computer is infected with worms, trojans, adware or other malware and that you should purchase XP Security Tool 2010 to remove the infections that actually don’t even exist. Most of the time, this fake program comes from fake or infected video sites or fake online scanners. But may be also promoted on such popular sites as Facebook or MySpace.

Vista Security Tool 2010 is a rogue anti-malware program that usually comes from fake online scanners and fake video websites. While running, this fake program will run a fake system scan and report numerous spyware infections to make you think that your computer is infected with various malware. Then it will ask you to pay for a full version of the program to remove the infections which as well already know don’t even exist.

Total Win 7 Security is a fake anti-spyware program that is promoted through the use of trojans and other malicious software. Most of the time, TotalWin7Security comes from fake online scanners, fake video websites or bundled with other malware. Once installed,Total Win 7 Security will imitate a system scan and display numerous infections that can’t be removed unless you first purchase the program.

For more information on how to rid your systems of these and others of their elk, check out http://www.2-spyware.com/