Posts tagged ‘Facebook’

Use Facebook Apps? Time for a Password Change

RockYou was hacked a couple of weeks ago and over 35 million passwords were stolen. RockYou may have your password if you’ve played any of their Social Networking Applications on sites like Facebook or MySpace. Their applications include:

  • Slideshow
  • Uploadphoto
  • Photofx
  • Glittertext
  • Funnotes
  • Countdown
  • Superhug
  • Myspace layouts
  • Stickers
  • Superwall
  • Pieces of flair
  • Speedracing
  • Likeness
  • Hugme
  • Birthday cards

Pieces of flair seems like one I’ve seen my friends using. Depending on the application, RockYou may have had your Facebook or Webmail password. RockYou recommends that you change passwords for any online service where you’ve used the same password disclosed to them.
In the last day, I’ve seen a massive spike in the number of friends who have had their Gmail account hacked and spam sent to contacts in the address book. It’s not necessarily connected to the RockYou attack, but it’s worth mentioning. The hacker briefly posted the full database online for anyone to download. So it’s not surprising that people would get hit.

Facebook Google Indexing Tempest in a Teapot

Earlier today I started getting status updates from friends that read

If you don’t know, as of today, Facebook will automatically index all your publicly available info on Google, which allows everyone to view it. To change this option, go to Settings –> Privacy Settings –> Search –> then UN-CLICK the box that says ‘Allow indexing’. Facebook kept this one quiet. Copy and paste onto your status for all on your news feed.

Facebook’s chain letter detection kicked in (not sure if that was an automatic or manual process) to deter future exact duplicates of that status update. This made people all the more suspicious about why Facebook would be blocking their attempts to warn about Facebook privacy.
If you did wander over to the Facebook privacy page you’d see the following message from Facebook.

Worried about privacy? Your information is safe.
There have been misleading rumors recently about Facebook indexing all your information on Google. This is not true. Facebook created public search listings in 2007 to enable people to search for your name and see a link to your Facebook profile.

Security hoaxes have been around forever. Misconceptions about genuine security threats are tough to deal with. While Facebook has made some debatable privacy changes lately, I believe Facebook is right that the search settings are hardly new. What really matters is the security settings you place on your data.
When someone asks you to share information with everyone you know, as this dire warning did, unless it’s the Gospel of Jesus, I think your crap detector should be sounding the alarm. If the source is not a computer security expert, stop and ask if it makes sense. If the source IS a computer security expert, stop and ask if it makes sense, and then make sure your wallet hasn’t been stolen by the security expert.
Search engines index Facebook status, but only the status that has the Everyone permission. If you’re going to freak out, do it by reviewing your privacy settings. You know, the privacy settings Facebook had you review this week. Everyone means everyone on the internet.

Facebook non-privacy settings

Facebook has rolled out new security settings this week. They seem designed to confuse and lead people into sharing more info than ever.
If you are one of the 20% of Facebook users who have adjusted their privacy settings previously, then Facebook will make your old settings the default but encourage you to change them. For everyone else the default security permission is Everyone. In an effort to be more like Twitter they want your status updates available to everyone, not your friends, not friends of friends, not your networks, not even just authenticated users. Every anonymous Internet user including search engines will be able to read your status updates. Like Twitter data, anything you post could be mirrored permanently somewhere else.
Of course the best policy is to not post anything to the internet you wouldn’t want public knowledge. Web 2.0 security just isn’t that trustworthy.
Graham Cluley has a good blog entry and video on his blog regarding these new Facebook privacy settings. That is geared for the average end user. Don’t forget to check application privacy as well. I found that applications my friends use could see my Birthdate. Not cool.
I was rather perturbed to find that I can’t restrict the world from viewing the Pages where I’m a fan. These fan pages announce my beliefs, affiliations and preferences. Facebook says Everyone gets to see your “publicly available information. This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages.” I was kind of hoping this meant that there was a place where I could make that information not public. Unfortunately that is not the case. Check out this posting from the EFF (Electronic Frontier Foundation). According to the EFF, Facebook says my membership in a Page was already visible on a page so it’s not different. I certainly see a difference. While before you might take the time to see if I was a member of a few controversial Pages, now you can see all my pages. Hopefully this will change and I can make Page membership non-public.
If you use Facebook, take a moment to review your privacy settings.

Facebook Connect Plugin

I installed the Facebook Connect Plugin for MovableType. It’s supposed to allow you to login using Facebook credentials and share the comment back to your Facebook wall. The login seems to be working sort of ok in Firefox (once I allowed all the Facebook JavaScript to run). But in IE, it’s not working at all. I’m not sure if that is because I am using AJAX comments or if it’s caused by something else.
That is the state it is going to remain in for a while.