Monday, October 11, 2010

Security Review: Beware of Facebook's Koobface

In recent news, Facebook has been taking a lot of criticism for its lack of security, and considering its massive presence on the Internet, this is a very pressing issue. Facebook has recently responded to some of these complaints with security changes, hoping to address many of its weak points. Although some progress is being recognized, there is still a huge security threat present. Facebook, like most social networks, has its biggest security flaws not in its technology but rather in how people perceive the technology.

I am sure that Facebook needs no real introduction due to its presence as the world's largest social networking website. Facebook has grown from a simple single-college social website, where pictures were posted with corresponding captions and posts, to a worldwide social networking website with thousands of applications available. Attached to every Facebook account are pictures, a profile, videos, messages, and possibly many other applications that any user can subscribe to and use. Users update their information on Facebook every day; all of this information is available (by default) to your “friends,” although individuals can adjust their preferences to limit what information is available to different people.

From a security standpoint, it would be my goal to have my information available to only the people that I specify. It is also important to be the only one in control of the information that is associated with my profile, so that other people do not have unauthorized access to my profile. Additionally, my information should always be available to be changed or deleted by me and only me.

There are security threats present that many users do not consider while logging onto Facebook on a daily basis. Many Facebook users put a lot of personal information onto their accounts without really considering who has access to this information. By default all of your Facebook “friends” have access to any information that you put onto your account, which often includes where you are from, your birthday, contact information, and pictures of you. Often people do not take the necessary precautions and have hundreds or thousands of “friends” that can range from family to mere acquaintances or even people that you do not know. Not only does Facebook provide the medium for too much information being available to too many people, but Facebook has also become another effective way for hackers to attack their victims. The two main goals that attackers have when using Facebook are the theft of data directly through the site and using Facebook to hack into users' computers through applications and phishing. An example of this was the Koobface virus, which sent messages and wall posts to the victim's friends prompting them to click a link which led to malware disguised as an Adobe download. Viruses such as this are uniquely effective since users usually trust their virtual friends. Some Facebook applications such as ‘Secret Crush’ work the same way. There is also a vulnerability to phishing, which is similar to how these scams manipulate email accounts as we have previously studied.

Although the technology is not necessarily completely at fault (rather it is the user’s misunderstanding and lack of a security mindset), Facebook easily provides the circumstances for attacks to take place. The risks and potential threat that this security flaw poses are nearly immeasurable, with too many people unaware of the risk and blatantly exposing themselves. Successful attacks via Facebook not only have the potential to compromise information such as your email and personal profile, but can also lead to malware attacks that can compromise your credit card numbers, social security numbers, and any other data that your personal computer may have stored.

My recommendation is simple: do not put any information on Facebook that you would not want to share with the public, and be constantly aware of potential attacks. It is better to be suspicious when dealing with messages and posts that contain any sort of link or that look out of the ordinary. It is important not to get too comfortable in virtual networks and to always be aware of the security threats that are present.


http://www.computerworld.com/s/article/9189981/Facebook_takes_on_privacy_with_new_tools?taxonomyId=17

http://www.h-desk.com/articles/5_Facebook_Security_Threats_a53_f0.html

5 comments:

  1. My first reaction when reading an article like this is "duh." It seems like common sense that a user of Facebook should not put information on his or her profile that he would not want the whole world to know. I, however, forget that this is a major issue for many people. Just looking through the friends I have on Facebook, I see people with phone numbers and other personal information on their sites. The question is: is this information really safe, or is it vulnerable to a hacking attack?
    The world today is very technological. I get a letter in the mail maybe once a month, but I receive around twenty e-mails per day. There are no longer landlines, but smartphones are everywhere. In a more technological environment, users need to be more aware of the things that are going on and how they are vulnerable to attack. Facebook users need to know about the ways that they can be scammed through the site. It may be a social networking site, but there are ways for hackers to use the profiles to gain access to much more sensitive information. The creators of the site, however, deserve some of the blame for the problems that users experience.
    Why are hackers able to gain access to the site? Are there security insufficiencies within Facebook? I believe that though it may be difficult with a social networking site such as Facebook, the users need to be protected from such attacks. Possible ways to achieve this are similar to those that Twitter faced in its problems. Users putting downloads on one another's walls need to be checked and monitored. I believe that Facebook also needs to educate users on the attacks and warning signs.
    With cooperation between the users and the site, Facebook can take steps to become even better and more popular than it already is.

  2. I agree with your suggestion that users need to take their security into their own hands in order to protect themselves. Another issue that tends to make people uncomfortable about the website is the ability for friends to add pictures and information to your page. This is a factor of security that cannot be accounted for unless Facebook implements a feature that makes all comments and changes go through the user in order for them to be posted.
    While it is the user's responsibility to make sure that their information is secure, it is also the duty of the social website to make sure that its users are safe from people with malicious intent. With the inter-connectivity of the world today it is almost impossible to not be a part of some social networking site. Because of this, these companies that run these sites need to make sure that the information posted on them is secure.

  3. I think this is an interesting concept: that the way people perceive their safety is not the way it really is. In fact, I would go further and argue that the explosion of social media as a pastime for people worldwide (and even an addiction) is conducive to a decreased presence of the "security mindset" you discuss.
    When we see people around us doing something frequently, we tend to assume that it is safe. When I'm in the library and I see Facebook on everyone's computer screen it tends to feel like Facebook is as much in the open air and transparent as the setting of the library itself.
    What I mean to say is that people don't really perceive the technology behind the GUI on websites they use. They don't see the website as an extension of something deeply complicated and technical, but rather as a part of "daily life": an activity that we do, accepting the risk, just as readily as we drive our cars each day and accept the risk.

  4. I think that the lack of security on Facebook is especially alarming considering the fact that many employers and schools admit to using Facebook as a way to screen potential employees and university/graduate school applicants, as well as check up on current employees and students.

    Although many believe that their information on Facebook is "private," as the article I posted below explains, there are various ways of getting past this. Many people happen to be Facebook friends with coworkers and many people sign in to Facebook at work, which puts their login information at risk because a lot of computers automatically store usernames and passwords.

    According to the second article I posted below, 10% of admissions officers surveyed said that they used Facebook to screen applicants, and 38% said that what they found on Facebook negatively influenced their views of the potential student. This is a gray area right now because there are no current guidelines that specify whether or not this is a breach of privacy.

    As the first article I posted below states, the best thing for Facebook users to do right now is to strictly limit what information they put on the site. Even if you think your information is secure, you really don't know who is viewing it and how it could potentially affect your future.

    http://hubpages.com/hub/How_employers_look_at_Myspace_and_Facebook_pages
    http://online.wsj.com/article/SB122170459104151023.html

  5. I have actually read through the Facebook policy and some of the things we all agree to are kind of alarming. First, Facebook reserves the right to save all information you give them up to 180 days. After that period your name is erased or detached from all of the information, but it is still kept. Secondly, Facebook does not own all of the games/ads/extras offered off of Facebook. If any of your friends participate in these activities, Facebook grants this third party access to your "non deletable information" that includes name, gender, birthday, profile picture, and email. These sets of information can never be hidden or deleted and are given upon accessing Facebook. Even if you never take part in any of the third party activities your information is likely being handed out as more and more friends participate. Lastly, one of the most surprising and slightly alarming aspects of the Facebook policy occurs when someone passes away. Facebook memorializes the account, denying access into the account and allows all of their information to stay online. The only way to permanently delete the account is to have the respective person's next of kin personally contact Facebook managers to remove the account.

    Yes, I do believe a lot of users share too much information with Facebook and others on Facebook. However, I also think Facebook has taken it a little too far in some of its premises. You can no longer hide any basic information from anyone searching for your name. Yes, there is the idea of if you have nothing to hide then why are you worried, but at the same time I think this is an issue of security and personal privacy.
