March 23rd, 2009 by Mike
According to Facebook, the site has seen five different security threats within the past couple of weeks. These threats attempt to steal the identities of friends, fans, and other groups within the social networking site.
One of the threats has been named The Koobface Worm. This worm installs malware onto the computers of victims who click on links from friends to watch fake YouTube videos. The attackers are also packaging the malware with many third-party applications that are used by Facebook users. They try to trick users into giving up their usernames and passwords so they can send more of these links to the friends and groups you are associated with.
This problem is not restricted to Facebook, as other forms of this worm have been seen on other social networking sites like MySpace, among others. These worms will look for the social networking site’s cookies to get your information and allow them access to connect to your machine. Once a machine is infected, the malicious user can remotely run commands on it, slowing it down considerably and giving them more computing power for whatever they intend to use your machine to accomplish.
Users tend to trust links sent to them by friends and will not think twice about clicking on a link from a good friend. This is where we need to be more careful. Malware authors have copied the ideas from email spamming and manipulated the idea to work on social networking sites. This is not a new idea; it is just being executed on a different medium.
Think twice about applications and links – even if from a friend
Users are warned to be cautious when clicking on links to off-site pages unless they can be absolutely positive that the link is genuine and not a threat to your or your friends’ computers. We also need to be careful when downloading new applications for our social networking sites. These applications are developed by third-party developers not associated with Facebook, and can package malicious software like the Koobface Worm onto your computer.
My advice would be to think before downloading that new application invite from one of your friends. Ask yourself whether the application serves a purpose or is just another pointless application to prove how many friends you have. Keep these things in mind when using popular social networking sites like Facebook. By avoiding these ill-advised clicks of the mouse, your experience will be more about maintaining your relationships and less of a could-be hassle.
For More Information
Read: Facebook’s Application Privacy Policy
December 17th, 2008 by Mike
Over the past couple of days a very serious security flaw has been discovered in Microsoft’s Internet Explorer web browser, which they are now calling the “Zero Day Exploit” (Read more about it here, here, and here). All versions of the browser are affected, including the most current versions, 6 & 7. This exploit has the ability to compromise your personal information, including credit card and other personal information.
The attacks are seeking to load malicious software onto vulnerable machines. Microsoft has seen several hundred detections of exploits from around the globe, though the sites taking advantage of the vulnerability appear to be hosted on Chinese domains. The exploit sites that have been reported so far have been dropping a wide variety of malware onto affected machines. The most common type of malware being dropped has been password stealers like Win32/OnLineGames and Win32/Lolyda. Other things include keylogger programs like Win32/Lmir and Trojan horse applications like Win32/Helpud, along with some previously unseen malware which is generically detected as Win32/SystemHijack. We should expect that the variety of malware being dropped by this exploit will broaden as the exploit code starts to circulate around the Internet underground. What this means is that you should be wary while using Internet Explorer to surf the web, even if you predominantly surf trusted sites.
The exploit has made it possible for malicious code to be injected into some sites through a process called SQL Injection. Microsoft announced this afternoon that an emergency patch will be released as soon as it is available, instead of users having to wait until next month’s regularly scheduled automatic patch update. In the meantime, Microsoft has given a few tips for users to help prevent them from being affected by the security flaw in their browsers. The company recommends setting the Internet zone security setting to “high” and using access control lists to disable Oledb32.dll to provide the most effective protection against an attack. A better solution for you might be to switch to an alternative browser instead of worrying about having to possibly deal with a potential problem in the future. We at Hall are big fans of open source browsers, which are not only free but typically have better security and cool features such as built-in pop-up blocking and plug-ins. Specifically we recommend (for Windows Machines):
Most of these browsers will give you the option to import your Internet Explorer settings, bookmarks, etc. when the browser is first installed and used, so your transition is painless. Enjoy safer, faster, and more secure browsing!
Note: Microsoft has released the critical update that should fix their Internet Explorer browser’s security issue. This patch can be downloaded by running Windows Update, or by visiting this page and clicking on the link next to the description that best describes your current system setup.
September 17th, 2007 by Hall
It’s no news that major corporations are pushing hard to develop a positive image using social networking channels — see the McDonald’s Quality Correspondence Campaign or the backfired Wal-Mart blogging foray — and neither is it news that companies aren’t afraid to use legal recourse to protect their interests… Napster, anyone? But an interesting article about a VW Subpoena to YouTube that appeared in Wired this morning shows a different mix of the two forces: a company taking legal action to protect its copyrighted material, which just so happens to be a piece of negative PR.
Basically, the video in contention is a spoof of a recent VW Golf commercial with some rather unflattering Nazi-themed overtones. Volkswagen filed a subpoena and is now looking to get the user’s identity from YouTube, who complies with the law but alerts users of the filing to give them a chance to respond. While this sort of thing is almost a daily occurrence with file-sharing networks, legal action with social media sites is a relatively new beast, and Wired wonders how dedicated social media sites will be to protecting the identities of their users as more cases like this appear.
As I touched on a couple of weeks ago, the web has a funny way of making temporal comments permanent, and biting those who post things against their better judgment. With major companies taking assertive (and certainly not unreasonable) motions to protect their copyright (and brand), users should really be aware that they’re playing in the real world when they post anything online. At the same time, social media sharing sites should do their best to protect their users — within limits — from themselves.
August 31st, 2007 by Hall
An interesting article appeared in the New York Times last week concerning people who appeared in news stories that were wrong or incomplete, and how those stories come back to haunt them later in life. The article highlights the cases of several people for whom articles with inaccuracies appear at the top of Google — things like mismatched credentials, charges that were dropped later, stories phrased from one point of view without a counterpoint. While in the offline world these articles are long buried in stocks of microfilm no one will care to review, the supreme authority of nytimes.com keeps them at the top of Google ad infinitum.
It’s a very particular problem and I applaud the Times for taking it on, though the solution to the problem is a rather muddy one. Who’s to blame — SEO or Google? To what extent is an entity responsible for removing articles that may be inaccurate? And who polices all this information?
Of course, this is just one example of the bigger issue of what people can find about you on the ‘net determining the outcome of your job opportunities, reputation, and even criminal record — what with Facebook commonly scrutinized by job recruiters, MySpace pictures leading to criminal charges and the possibly damning result of Googling: “Insert your name here.” To some extent, this is the same question posed by the controversy around Google Street View — how much privacy can you reasonably expect in our technology-heavy times?
The glaringly obvious answer is, of course, don’t say anything stupid on the internet, but it’s a fairly insufficient one. After all, while you may hope that no one sees comment #143 on an obscure message board or blog out there in cyberspace, the New York Times brings an inherent trust that is good enough for Google, and good enough for the person checking out your good name.