Facebook | Social Media Blog

Posts Tagged ‘facebook’

Dad catches daughters on webcam: Beware viral Facebook video link

Published by pratyushkp on May 15th, 2011 - in Social, Technology

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook is being hit by another viral message, spreading between users’ walls disguised as a link to a saucy video.

The messages, which are spreading rapidly, use a variety of different links but all claim to be a movie of a dad catching his daughters making a video on their webcam:

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI
[LINK]
two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

The messages also tag some of the victims’ Facebook friends, presumably in an attempt to spread the links more quickly across the social network.

If you make the mistake of clicking on the link you are taken to a webpage which shows a video thumbnail of two scantily clad young women on a bed. The page urges you to play the video, however doing so will post the Facebook message on your own wall as a “Like” and pass it to your friends.

Unfortunately, the new security improvements announced by Facebook this week fail to give any protection or warning about the attack.

When I tested the scam Sophos was presented with a (fake) message telling me that my Adobe Flash plugin had crashed and needed to download a codec.

Users should remember that they should only ever download updates to Adobe Flash from Adobe’s own website – not from anywhere else on the internet as you could be tricked into installing malware.

Ultimately, you may find your browser has been redirected to a webpage promoting a tool for changing your Facebook layout, called Profile Stylez and – on Windows at least – may find you have been prompted to install a program called FreeCodec.exe which really installs the Profile Stylez browser extension.

It’s certainly disappointing to see Facebook’s new security features fail at the first major outbreak – clearly there’s much more work which needs to be done to prevent these sorts of messages spreading rapidly across the social network, tricking users into clicking on links which could be designed to cause harm.

Source :- http://nakedsecurity.sophos.com

Dad catches daughters on webcam: Beware viral Facebook video link (nakedsecurity.sophos.com)
Facebook Scam Alert: Look what happens when Father catches Daughter on Webcam! (techie-buzz.com)
What is FouTube? Viral Facebook clickjacking video scams explored (nakedsecurity.sophos.com)
ALERT: Avoid ‘Father Catches Daughter On Webcam’ (allfacebook.com)
Beware of Fake Osama bin laden links on web! (trak.in)
Beware Video Osama Traps on Facebook (socyberty.com)
“â€œShocking New Video of Osama Bin Ladenâ€™s Deathâ€ Facebook Spam” and related posts (teck.in)
Photo tagged as a Facebook bunnygirl? Beware viral scam (nakedsecurity.sophos.com)
Osama Bin Laden death video scam spreads virally on Facebook (nakedsecurity.sophos.com)
Osama Bin Laden death video scam spreads virally on Facebook (securitybloggersnetwork.com)

Tags: Adobe Flash, Adobe Systems, Audio Video Interleave, Confidence trick, facebook, Osama Bin Laden, social network, Sophos, Webcam, Windows Update

6 Comments »

You Can Now Tag Pages in Facebook Photos

Published by pratyushkp on May 14th, 2011 - in Social, Technology

Image via CrunchBase

Ever had the urgent need to tag the Coke can you’re holding in that beach picnic picture on Facebook? Well, now you can, as the social network has added the ability to tag Pages in Facebook photos.

Starting Wednesday (although the feature does not appear to be live yet), users will be able to tag Pages for Brands & Products as well as People (more options coming soon) in their Facebook photos.

Tagged photos will appear in the Photos tab of a Page, rather than on that Page’s Wall, and anyone can tag a Page — even if a user hasn’t “Liked” it. Page admins can also nix photos from the tab by going into Edit Page > Posting Options > and unchecking “Users can add photos.”

For those who concerned about their privacy, Facebook assures us that privacy settings will still apply; if your photos are visible to everyone, everyone will be able to see the tagged snap, and if your photos are set to “only friends,” only friends will be able to check out that pic of you standing in front of the local Rite Aid.

This move could definitely be beneficial to certain brands. Imagine if people started tagging themselves wearing, say, Levi’s jeans. All of those snaps would then go to the Levi’s Facebook Page and result in free advertising.

Source :- http://mashable.com

You Can Now Tag Pages in Facebook Photos (mashable.com)
You Can Now Tag Pages in Facebook Photos (jessidavis.com)
Tag Pages in Facebook photos (cnn.com)
Now You Can Tag Celebrities In Your Facebook Photos, Too (lockergnome.com)
New Facebook Feature: Tag Your Business in Photos (keepthepeakunique.com)
Can I make them stop tagging my photos? (debsanswers.wordpress.com)
Facebook Launches Photo Tagging for Pages (strategistalks.com)
You Can Now Whore Yourself Out by Tagging Products and Corporate Pages on Facebook [Facebook] (gizmodo.com)
Facebook Rolls Out Page Tagging in Photos (webpronews.com)
Facebook Now Features Photo Tagging for Pages (marketingpilgrim.com)

Tags: Coca-Cola, Coke, facebook, Photograph, privacy settings, social network, Tagged, Tags

3 Comments »

Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy

Published by pratyushkp on May 14th, 2011 - in Social, Technology

Image via CrunchBase

Facebook has been left red-faced after having to admit that it hired a PR agency to plant negative stories with the press about privacy concerns on Google.

The irony is, of course, that Facebook is hardly a shining example of how an online firm should protect its users’ privacy.

Here’s what happened:

* Facebook secretly hired giant public relations firm Burson-Marsteller to seed stories in the media about privacy concerns with Google Social Search.

The Social Search feature of Google scours the web for publicly available information about you from sites such as Twitter, Yelp, Picasa, and FriendFeed, and displays it in the search results of your online friends.

* Facebook’s plan backfired badly when Burson-Marsteller approached former FTC investigator and blogger Christopher Soghoian offering him the story, but refusing to reveal who its client was. An unimpressed Soghoian published the email exchange.

Amid much speculation, The Daily Beast news website revealed that the firm pulling Burson-Marsteller’s strings was Facebook.

* Facebook confirmed it had hired PR firm Burson-Marsteller to promote the company’s position against Google’s Social Search facility and admitted that it should have presented the issues in a “a serious and transparent way”.

This wouldn’t necessarily have been a problem, if the PR agency had been up-front that it was representing Facebook when pitching the anti-Google stories in the first place. What is seedy is that Facebook’s involvement was deliberately hidden.

This whole story reeks of poor judgement by Facebook and its PR agency.

And it’s rather hypocritical for Facebook to point fingers at possible questions over Google’s attitude to privacy, when its own house is in such a mess.

For instance, Facebook recommends that users adopt privacy settings that can reveal their personal data to anyone on the internet.

Don’t believe me? Read the small print in Facebook’s privacy policy:

"Information set to 'everyone' is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations."

"The default privacy setting for certain types of information you post on Facebook is set to 'everyone.' You can review and change the default settings in your privacy settings. If you delete 'everyone' content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook."

In other words, if you make your Facebook information available to “everyone”, it actually means “everyone, forever”. Because even if you change your mind, it’s too late – and although Facebook say they will remove it from your profile they will have no control about how it is used outside of Facebook.

If Facebook really cared about your privacy online, wouldn’t it recommend more privacy-conscious settings and not default to sharing your profile information with search engines?

If you’re interested in being safer on Facebook, read more about the security and privacy challenges that exist for Facebook users. You could also do a lot worse than follow the advice in our step-by-step guide for better security and privacy on Facebook.

And, if you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

Full disclosure: Parts of Sophos, although not Naked Security, use Burson-Marsteller on some PR projects.

Source :- http://nakedsecurity.sophos.com

Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy (nakedsecurity.sophos.com)
Facebook PR firm’s Google smear tactics described as ‘creepy’ (guardian.co.uk)
The Burson-Marsteller Mess: What Happens When the PR Firm Becomes The Story? (customerthink.com)
Facebook smeared Google? C’mon! (slate.com)
Facebook-Google rivalry heats up with PR fiasco (cbsnews.com)
Facebook red-faced after PR attack on Google (windsorstar.com)
Burson-Marsteller Deletes Critical Facebook Posts but Spares Google-Smear Flacks (wired.com)
Busted! Facebook hires PR firm to discredit Google (rt.com)
Facebook red-faced after PR attack on Google (business.financialpost.com)
Facebook-Google rivalry intensifies with PR fiasco (seattletimes.nwsource.com)
Facebook denies Google ‘smear bid’ (mirror.co.uk)

Tags: Burson-Marsteller, Christopher Soghoian, Daily Beast, facebook, FriendFeed, google, Public relations, Social Search

13 Comments »

Facebook announces new security features

Published by pratyushkp on May 13th, 2011 - in Social, Technology

Image via CrunchBase

Facebook has just published an article entitled Keeping You Safe from Scams and Spam. It’s all about improving security on its network.

In the past, Facebook has seemed curiously reluctant to do anything which might impede traffic.

After all, Facebook’s revenue doesn’t come from protecting you, the user. It comes from the traffic you generate whilst using the site.

So this latest announcement is a welcome sign, since some of the new security features prevent or actively discourage you from doing certain things on the Facebook network. Let’s hope that everyone at Facebook has accepted that reduced traffic from safer users will amost certainly give the company higher value in the long term.

But do Facebook’s new security features go far enough? Let’s look them over.

* Partnership with Web of Trust (WOT)

WOT is a Finnish company whose business is based around community site ratings. You tell WOT if you think a site is bad; WOT advises you as you browse what other people have said about the sites you visit.

Community block lists aren’t a new idea – they’ve been used against both email-borne spam and dodgy websites for years – and they aren’t perfect. Here’s what I said about them at the VB2006 conference in Montreal:

[C]ommunity-based block lists can help, and it is suggested that they can be very responsive if the community is large and widespread. (If just one person in the entire world reports a [dodgy] site, everyone else can benefit from this knowledge.)

But the [cybercriminals] can react nimbly, too. For example, using a network of botnet-infected PCs, it would be a simple matter to 'report' that a slew of legitimate sites were bogus. Correcting errors of this sort could take the law-abiding parts of the community a long time, and render the block list unusable until it is sorted out. Alternatively, the community might need to make it tougher to get a [site] added to the list, to resist false positives. This would render the service less responsive.

Another problem with a block list based on “crowd wisdom” is that it can be difficult for sites which were hacked and then cleaned up to get taken off the list. Users will willingly report bad sites, but are rarely prepared to affirm good ones.

False positives, in fact, have already been a problem for Facebook’s own bad-link detector, which is also mentioned in the announcement. Naked Security has had its own articles blocked on Facebook simply for mentioning the name of a scam site.

In short, the effectiveness, accuracy and coverage of the WOT partnership remains to be evaluated. But I approve of the deal. It’s a step forward by Facebook. However, Facebook’s own bad-link detector could do with improvement.

* Clickjacking protection

Facebook introduced some anti-clickjacking measures a while ago. It’s a good idea. If you’re trying to Like a page known to be associated with acquiring Likes through clickjacks, Facebook won’t blindly accept the click. You’ll have to re-confirm it.

Again, I approve of this. But in my opinion, it’s not going far enough. It would be much better if Facebook popped up a confirmation dialog every time you Liked something, so that the “blind Likes” triggered by clickjacking would neither work nor go unnoticed. (Indeed, this popup dialog would be a great place for users to report clickjacks to the WOT community block list!)

That’s not going to happen. Facebook wants Liking to be easy – really easy – as it helps to generate lots of traffic. A popup for every Like almost certainly wouldn’t get past Facebook’s business development managers. Not yet, at any rate. But if we all keep asking, perhaps they’ll see the value?

* Self-XSS

This is a geeky way of saying “Pasting JavaScript into your own address bar.”

We’ve already reported on the potential danger of doing this. When you put JavaScript in your address bar, you implicitly give it permission to run as if it were part of the page you just visited. That’s always a risky proposition. Facebook is adding protection against this behaviour.

Facebook also says it’s working with browser makers on this problem. That’s good.

Perhaps all browsers should simply disallow Javascript in the address bar by default? It’s a useful feature, but the sort of user who might need it would surely be technically savvy enough to turn it on when needed.

* Login approvals

Facebook’s final announcement is what it describes as two factor authentication (2FA). Facebook will optionally send you an SMS every time someone logs in from “a new or unrecognised device”. (Facebook doesn’t say how it defines “new”, or how it recognises devices.)

This is a useful step, and will make stolen Faceook passwords harder to abuse. In the past, you would only see Facebook’s “login from new or unrecognised device” warning next time you used the site, by which time it might have been too late.

The new feature means that you’ll get warnings about unauthorised access attempts pushed to you. Furthermore, the crooks won’t be able to login because they won’t have the magic code in the SMS which is needed to proceed.

It’s a pity Facebook isn’t offering an option to let you enable 2FA every time you login. It would be even nicer if they added a token-based option (and they’d be welcome to charge a reasonable amount for the token) for the more security-conscious user.

A token would also allow users to enjoy the benefits of 2FA without sharing their mobile phone number with Facebook – something they might be unwilling to do after Facebook’s controversial flirtation, earlier this year, with letting app developers get at your address and phone number.

Source :- http://nakedsecurity.sophos.com

Facebook announces new security features – but do they go far enough? (nakedsecurity.sophos.com)
Facebook Partners with Security Startup, Protects Users From Scammer’s Links (readwriteweb.com)
Facebook Security Features Crack Down on Scams and Spam (webpronews.com)
Facebook to Tighten Security to Prevent Spamming (sharepress.org)
Facebook Blocks Malicious Links Via Web Of Trust (allfacebook.com)
Facebook’s Newest Wall (technologyreview.com)
Facebook adds new user security features (news.cnet.com)
Q&A: Fighting a Clickjack Attack (gadgetwise.blogs.nytimes.com)
Facebook adds new user security features (news.cnet.com)
Facebook adopted a warning service (robbiz1978.blogspot.com)
Facebook adds new protection against dubious web links with WOT (venturebeat.com)

Tags: Clickjacking, Confidence trick, Cross-site scripting, facebook, JavaScript, Login, Personal computer, Security, Spam, Two-factor authentication, Web of trust

1 Comment »

PREVENTING SPAM scam on Facebook does exactly the opposite

Published by pratyushkp on May 13th, 2011 - in Social, Technology

Image via CrunchBase

If you’re seeing Facebook messages asking you to “do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT,” don’t do so – you’d be creating spam, not stopping it!

The messages look something like this:

Usually, however, the clickable links at the bottom of messages on your Wall – highlighted in pink below – should look like this:

The scammers have replaced the “Share” option with a link labelled “== VERIFY MY ACCOUNT ==”. Clicking this not only activates the Share option (which you no longer realise you’re pressing), but also invokes a raft of heavily obfuscated JavaScript from a site in the .info domain. (This site is blocked by the web protection software in Sophos‘s endpoint and web gateway products.)

With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.

The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:

The lessons to be learned from this outbreak of spam are as follows:

* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.

* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.

* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.

If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.

(Remember that as a Facebook user, you aren’t a customer. You’re effectively an informal employee, paid not in cash but in kind. Your “wage” is free access to the Facebook system. Your clicks generate the value for which Facebook can charge its customers – the advertisers who benefit from the fact that you use the network at all. Don’t sell yourself short.)

Source :- http://nakedsecurity.sophos.com

PREVENTING SPAM scam on Facebook does exactly the opposite (nakedsecurity.sophos.com)
Facebook spam prevention scam spreading like wildfire (go.theregister.com)
Verify My Account Spam Runs Rampant On Facebook (allfacebook.com)
Facebook Security Features Crack Down on Scams and Spam (webpronews.com)
Facebook adds new user security features (news.cnet.com)
Facebook adds new user security features (news.cnet.com)
“F – You Faggot. Go Kill Yourself”: Facebook Spam Just Got A Whole Lot Hatier (queerty.com)
Don’t fall for the “First Exposure: iPhone 5″ Facebook scam (news.cnet.com)
Don’t fall for ‘First Exposure: iPhone 5′ Facebook scam (news.cnet.com)
Facebook Partners with Security Startup, Protects Users From Scammer’s Links (readwriteweb.com)

Tags: facebook, Facebook features, File sharing, JavaScript, Option (finance), Sophos, Spam, User (computing)

2 Comments »

Sharing Knowledge & Information

Posts Tagged ‘facebook’

Click to Help

Archive

Last 7 Post

Networked Blog

Social Media Blog on Facebook

Sharing Knowledge & Information

Posts Tagged ‘facebook’

Dad catches daughters on webcam: Beware viral Facebook video link

Related articles

You Can Now Tag Pages in Facebook Photos

Related articles

Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy

Related articles

Facebook announces new security features

Related articles

PREVENTING SPAM scam on Facebook does exactly the opposite

Related articles

Click to Help

Archive

Last 7 Post

Networked Blog

Social Media Blog on Facebook

Cloud