Facebook Security
WiFi hackers able to easily assume your identity
on websites such as Facebook, Windows Live
The Wall Street Journal and many other tech bloggers are reporting some frightening problems regarding how easily I.D. information can be accessed through systems such as Facebook or email.
It’s not just who you’re friends with.
Hackers can easily, within three clicks from open share software, now find unsecured (non-https) “cookies” going out on WiFi networks, even networks with firewalls. These “cookies” contain information such as Facebook user I.D.s which allow hackers to get into people’s messaging or Facebook accounts, read them, and even post anything to them as if they were the actual account owner. Readers would never know that an imposter, not the owner, has posted.
A Seattle freelance computer programmer, Eric Bulter, has also warned of Facebook’s lack of security when it comes to log in information—specifically, log in information being sent over an unsecured wireless internet network. This programmer created a program to exploit and draw attention to how users’ personal log in information and passwords are being “shouted ”when unsecured wireless websites such as Facebook are used at unsecured wireless internet networks such as the one at UCC and many other college campuses or at coffee shops and bookstores.
Even if the user keeps a low profile on Facebook.
This is just the latest in the string of Facebook notorious privacy violations. Facebook has also recently “inadvertently” leaked information that included user’s information within the URL’s to third parties such as advertisers.
This violates Facebook’s privacy policy. Facebook has since responded to allegations by saying they are “over-hyped” and a spokesperson from Facebook told the Wall Street Journal that they are taking steps to “dramatically limit” the inadvertent leaking. However, Facebook has refused to encrypt data in the past and has said that the only way to do this now is on a “case by case basis.”
The Facebook concession being offered comes four months after privacy organizations and concerned groups such as the ACLU asked Facebook to encrypt I.D. cookies and fix application security as well as other privacy issues.
One, but not all, of the problems is Facebook’s use of “apps” or applications that are usually devolved by a third party. Games are a common form of apps used on Facebook. The Wall Street journal reported that all 10 of the top 10 Facebook apps were transmitting I.D. information. This includes Farmville, Texas HoldEm Poker, and Top Friends. Facebook’s plan, called the Canvas Encryption Proposal, states parameters for apps to not include UID’s in the URL.
Although fixing the app contractors will help, hackers can still access users’ log-in information and passwords if they use unsecured log-in websites and unsecured wireless internet. Facebook’s log in is unsecured, a problem that the ACLU has also asked Facebook to fix by converting to a https connection.
But, until then the most straight forward way to protect personal information is to turn off the apps completely. You can do this by logging into Facebook, and go to the “Account” menu in the upper right hand corner, select “Privacy Settings,” and then choose to edit your settings under “Applications and Websites” in the lower left hand corner. Then click on the option to “Turn off all platform applications.”
On the other side of all of the privacy blunders Facebook has experienced, they have just applied for a patent to further profile Facebook users for targeted advertising called “inferential ad targeting.” Facebook aims to leverage information about a user’s interests from analyzing a user’s direct and indirect connections with friends and website browsing. The purpose is to target people who don’t put much information on their Facebook so advertisers can effectively advertise to even the lowest of low profile Facebook users.
| The Mainstream is a student publication of Umpqua Community College. | About us | Advertising | Archives |