Barracuda compares Google+ vs Facebook with respect to SSL and Secure Headers. Google+ wins.
Two good ways to reduce security risks on social networking sites:
- super-logoff – deactivate and log off
- wall-scrubbing – delete wall messages and status updates
John Pescatore harks back 59 years to the first direct-dial transcontinental telephone call, and 100 years before that to when the telegraph was spreading across the U.S., and compares both to Facebook.
Same thing going on in security today – next generation firewalls and secure web gateways are way less about blocking and way more about securely enabling connectivity of people and applications – applications like social networking…
It’s hard to believe that Firesheep is only two weeks old. In response to Firesheep, Microsoft said it will convert its Hotmail / Windows Live email service to SSL. Google did this for Gmail some time ago, well before Firesheep.
Facebook says it will also address the issue in the coming months.
So there is no doubt that more and more web traffic will be SSL encrypted and hidden from corporate control. I wrote about this last week: “Easy fix for Firesheep creates a problem for enterprises.”
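The Barracuda comparison above is about SSL and secure headers, and the Firesheep item is about session cookies travelling in the clear. As an added example (not code from either article), here is a small audit that reads raw HTTP response headers and reports the settings that blunt Firesheep-style cookie sniffing: the Secure and HttpOnly cookie attributes and a Strict-Transport-Security header. The two sample responses are constructed, and the choice of which headers to check is my own.

```python
"""Audit raw HTTP response headers for the cookie and transport settings
that blunt Firesheep-style session hijacking."""
from typing import Dict, List, Tuple

# Constructed sample responses; not captured from any real site.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session_id=abc123; Path=/
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly
"""


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs; repeated headers such as several
    Set-Cookie lines are all kept. The status line is dropped."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw: str) -> Dict[str, object]:
    """Return whether HSTS is set plus a list of human-readable findings."""
    headers = parse_headers(raw)
    findings = []
    has_hsts = any(n == "strict-transport-security" for n, _ in headers)
    if not has_hsts:
        findings.append("missing Strict-Transport-Security header")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attributes follow the first ';' and are case-insensitive.
        attrs = {a.strip().lower() for a in value.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name} lacks Secure (sent over plain HTTP)")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name} lacks HttpOnly (readable by page scripts)")
    return {"hsts": has_hsts, "findings": findings}
```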
Gartner’s John Pescatore weighs in on the latest chapter in the ongoing Facebook privacy controversy.
Basically, what you see is Facebook taking several steps to protect its customers – advertisers. If they were trying to protect Facebook users, they would have taken very different steps. Because what you don’t see is any real attention to actually addressing the real vulnerabilities.
So, the key takeaway: make sure that you are the actual customer when you trust your data or your customers’ data to a social network or cloud service provider, or any other third party for that matter. A cloud provider can claim they are better at running a data center than you are, but if they are focusing on protecting their advertising revenue, not your data, that claim is meaningless.
Privacy vulnerabilities continue to be revealed on social networking sites like Facebook and MySpace, the NYTimes reports. The Times describes two research papers that discuss how unethical advertisers can game social networks to determine people’s private profile information, such as sexual orientation.
Facebook counters that it has tools in place to prevent unethical advertiser behavior. However, Facebook realizes it needs to do more. In fact, Facebook announced that it is proposing to encrypt user IDs as a way to prevent the sharing of IDs with data brokers. But Facebook admits this will only “address the inadvertent sharing of this information on Facebook.”
Mashable weighs in with the obvious question, “Frankly, we think that encrypting the UID parameters within an iFrame is a good idea and a good first step towards accountability. Our big question is: Why is this only happening now?”
If you are looking for a clearer technical explanation of what the fuss is all about and the limited step Facebook is proposing, read Ars Technica’s “Facebook touts encryption as solution to security flaw.”
Improve your Facebook account security by changing the default setting under “Account Security” for “Would you like to receive notifications for logins from new devices?”
The default is no. Change it to yes.
If I understand this correctly, you will get notified when any third-party application logs in to post a message.
There is a caveat though:
Of course, one thing to beware is that it would be easy for hackers to fake an email to appear as though it were one of the messages from Facebook, warning you that your account had been accessed. And if in a blind panic you clicked on a link in that bogus email, you might be taken to a phishing site.