BinInt

...thoughts and news on digital forensics, pentesting, electronic investigations, and the computer underground.

10/23/2009
Posted by Matt C

Facebook Security - Relying on Friends

Another article came along regarding Facebook security and hijacked applications. What I found most interesting was this quote:

On top of all these security issues, in August many Facebook users were surprised to discover the vast amounts of personal information they were revealing by their use of Facebook quizzes. Even if you limit access to your profile through privacy settings, Facebook quiz applications can see everything on your profile page when you take a quiz...or even when your friend takes one. To make matters worse, Facebook does not screen developers for trustworthiness nor do they require developers to comply with a privacy policy.
"...or even when your friend takes one." I've always thought that it's kind of shady that quizzes and applications can access my friends' personal data. I shy away from the apps and quizzes for this specific reason. But, are my friends providing me the same courtesy? By being on Facebook, am I putting my personal information security in my friends' hands? Facebook has done better with increased privacy settings, and hopefully users have changed those settings to be more restrictive.

If I was a malicious user, I would absolutely create as many quizzes as I could that would take advantage of the automatic data mining capabilities of Facebook.

It seems like a recurring theme on this blog lately, but be careful of what you post online.

0 comments:

Post a Comment