Sophos Slams Facebook Security In Open Letter

An anonymous reader writes "Security experts are calling on Facebook to implement a three-point plan to improve safety online. Sophos says it receives reports every day of crime and fraud on Facebook, and that victims are desperate for advice on how to clean up their profiles and undo the consequences. In an open letter to Facebook, the firm calls upon the social networking giant to adopt three principles: privacy by default (opt-in sharing), vetted app developers, and use of https whenever possible. 'Our question to Facebook is this — why wait until regulators force your hand on privacy? Act now for the greater good of all.'"

lol

[smash]

Our question to Facebook is this — why wait until regulators force your hand on privacy?

Answer: because that would interfere with our business model.

Re:lol

[Nikker]

Right now Zuckerberg might be known as the Billion Dollar Kid but that's really not the case. His company is valued at 50 Billion I don't really see that lasting because it's just all about paper. On paper Facebook looks huge and with MS and a few other big guys on the bandwagon they're are fewer companies to jump in on the idea. At the end of the day Zuckerberg was right it is all about exclusivity, it's the same reason people hang out at certain places but when every one shows up at your hangout and you can't kick them out you eventually find a better spot for yourself.

MySpace was exclusive in a way because it was the first of it's kind then it became well, lame. Then Facebook comes along and only the select few can join but now the bar is so low anyone with a pulse and a keyboard can join. Eventually something new will come along and it will split up the same way as it is in 'real life' every one will find their own coffee shops or dives and kill time there will be intermittent communication between the groups but they will mainly stay where they are.

Ces't la vie.

Facebook's rogue app risks

[Announcer]

As a frequent user of Facebook, I find the numbers of rogue and bogus applications to be the most annoying aspect of the site. They need to start seriously vetting the developers and apps NOW. No more allowing apps to just be posted and start spreading SPAM from user-to-user.

I use Firefox, with the "NoScript" and "AdBlock" plugins, so 3'rd party sites have no access to ANY scripting functions. This allows me to visit these rogue app's sites and REPORT them, which I do frequently. I also warn my friends who fall victim to them, NOT to click the links posted on their pages. Many of them have thanked me for doing this. I have seen Facebook remove virus apps and links within minutes of my reporting them, which is "good", but not good enough!

It's high time that the people at Facebook took this much more seriously, and use PREVENTION rather than CURE after-the-fact.

Re:Facebook's rogue app risks

[Culture20]

For some reason all the worst ones seem to refuse to work in https mode.

Because if they use a trusted SSL cert, there should be a trail to a real person. Unless they used Comodo.

And two factor authentication...

[HerculesMO]

If I can have my World of Warcraft account secured with a two factor authentication, I should be able to do this for Facebook. Seriously.

Re:Clean up your own back yard

[Culture20]

Of course if they did it right with a clearly visible link to the HTTPS address it would work (though take a huge toll on their servers).

https://www.facebook.com/editaccount.php
Account Security
Set up secure browsing (https) and login alerts.
Secure Browsing (https)
Browse Facebook on a secure connection (https) whenever possible
When a new computer or mobile device logs into this account: Send me an email

Re:No, No and No

[fuzzyfuzzyfungus]

If information does "leak" out of Facebook their precious company won't be worth the billions and billions they seem to think it is.

I think no more highly of Facebook's adherence to any principles other than their bottom line than you do; but I think that it might not be so clear cut...

Facebook's position of strength lies in having massive network effects, and piles of user data, that draw users back so that their consumery little eyeballs can be monetized until they bleed. What could weaken their position? 1. 'Their' data being trivially available by assorted dodgey-but-easy means without paying them for access to it. 2. People disclosing less because they have heard that Bad Things Can Happen, Oh Noes!

Now, the second item is as likely, or more, to simply elicit cynical displays of 'security' which, after all, are cheaper and easier than the real thing; but the effects of number one could be interesting. Facebook obviously has not the slightest interest in your privacy; but their revenue stream depends on being the gatekeeper to any commercial scale violation of it. The market value of their precious "social graph" goes way down if 95% of it can be swiftly scraped by building a bottom-of-the-barrel malicious app that collects users', users' friends', and friends' of friends, details, or if some combination of spiders and cheap summer interns equipped with attractive stock photos can collect the public stuff.

They obviously have no reason to protect privacy; but it is arguably very much in their interest to have a saleable monopoly position on information disclosures. Particularly if somebody like Phorm or Nebuad shows up and starts snagging Facebook info right off the wire, I'm guessing that Facebook will suddenly start to take SSL a bit more seriously.