Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/14/2010
03:15 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Product Watch: Facebook Adds New Anti-Hacking Protections

Security feature blocks suspicious logins

Facebook yesterday added new security features to help protect user accounts from unauthorized access. But the login notification and blocking protections thus far have been overshadowed by a growing wave of discontent over Facebook's new "instant personalization" features that have led to unprecedented scrutiny by regulators and privacy advocates, as well as campaigns urging users to delete their accounts.

The social network has been under fire since it instituted it instituted its "social plug-ins" -- backlash that reportedly led to a closed door, all-hands-on-deck meeting at the company yesterday to discuss its privacy policies.

Meantime, Facebook's new security features may not directly address the privacy controversy, but they do offer some controls for protecting user accounts from hacking. The login notification feature lets users approve devices they use to log into their Facebook account and receive notifications when their account is accessed from a non-approved device. It now appears under the Account Settings page, under "Account Security."

"For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device," blogged Facebook's Lev Popov, a software engineer on Facebook's site integrity team. "We'll also send you an immediate email notification - and if you want, a text message - so that you're always up to speed on how your account is being accessed. This notification will provide steps on how to reset your password and remove the device, so you can quickly secure your account if it's being accessed from a device you don't recognize."

The second new feature blocks suspicious logins before they get through. "When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner. For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you've previously provided one," Popov said in his blog post.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...