informa
Announcements
Event
How to Launch a Threat Hunting Program | Webinar <REGISTER>
Event
How to Accelerate XDR Outcomes: Bridging the Gap Between Network and Endpoint | Webinar <REGISTER>
Report
Black Hat USA 2022 Attendee Report | Supply Chain & Cloud Security Risks Are Top of Mind | <READ IT NOW>
PreviousNext
Risk
2 MIN READ
News

Bono's Bikini Teens Perplex Facebook's Privacy

An American fashion student and her British friend's pose with the U2 front man call into question what kinds of rules should be standard on the social network.
Thomas Claburn
Editor at Large, Enterprise Mobility
October 29, 2008
Indeed, Facebook spokesperson Barry Schnitt argues that Cluley is barking up the wrong tree. He said that when a Facebook user uploads pictures, the pictures are governed by a separate privacy control that has nothing to do with one's group membership. "Whatever setting these girls put on these photos is honored," he explained.

Michael Argast, a security analyst at Sophos, conceded, "Facebook does a reasonably good job of providing privacy controls."

Nonetheless, he insisted that Facebook needs to do a better job making its privacy controls clear to its users. He said that like privacy policies on Web sites, most people don't understand privacy settings. "People end up leaking more information than they intended," he said.

While privacy issues tend to be difficult to assess, due to the fact that the absence of privacy often presents only a theoretical risk rather than an actual loss, security issues present a clearer threat for Facebook and its users.

Fortinet, another security company, on Tuesday identified a Facebook worm that is Google Reader and Picasa to dupe Facebook users into watching a malicious video file. The worm travels as a Facebook message and prompts recipients to watch an online video. In an attempt to appear more credible, the worm points to video embedded in a Google Reader or Picasa page.

"It appears that cyber criminals behind the Facebook worms registered Google Reader accounts (either manually, or automatically via phishing operations or automated captcha solvers) for the sole purpose of loading them with links to malicious sites," said Fortinet researcher Guillaume Lovet in a blog post. "Indeed, upon clicking on the tempting video frame seen in the News Reader..., the victim is redirected to a classic fake-codec (W32/Zlob.NKX!tr.dldr), Trojan-enabled site."

Schnitt said that Facebook was aware of this particular worm and it working to remediate it. He said that only a small percentage of users have been affected. He characterized security issues as "an ongoing battle," and pointed to some of Facebook's security practices. There's automated monitoring and industry cooperation, of course. In cases where user posts appear to be suspicious, Facebook will add a CAPTCHA test that must be passed to publish the post, he explained.

"The bad guys go where the users are," said Schnitt.

And where bad guys go, security companies are sure to follow.

This article was edited on 10/30 to correct the spelling of Michael Argast's name.

Vulnerabilities/ThreatsMobileApplication SecurityCompliance
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
7 Women Leading the Charge in Cybersecurity Research & Analysis
Ericka Chickowski, Contributing Writer, Dark Reading
Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service
Elizabeth Montalbano, Contributor, Dark Reading
Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter
Becky Bracken, Editor, Dark Reading
Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos, Contributing Writer, Dark Reading
Webinars
More Webinars
Reports
More Reports
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports