Social Network Scams: Biggest Security Threat For 2011

Sophos, an IT security and control company, has been vociferously critical of Facebook and its attitudes towards the personal security of its users. In its annual review of last year’s malware scene and the prospects for 2011, the company lays out some of the reasons why.

Just this week, Sophos criticised Facebook for the social network’s decision to allow application developers to access users’ phone numbers and addresses. Facebook pointed out that this was only by consent of the user but has, at least temporarily, withdrawn its plans.

Facebook Attacks Have Doubled

Graham Cluley, senior technology consultant at Sophos, told eWEEK Europe, “Facebook has turned about face a little bit because there was so much outcry regarding the sharing of data and the lax attitude they were showing about it – which is good because it showed them that people didn’t love Facebook as much as it thought. But I think we have to wait to see what they are really going to do.”

In the Sophos report, Security Threat Report 2011, the analysis of last year claims that cyber attacks on social networks have more or less doubled between April, 2009, and December, 2010. With over 500 million users, Facebook is by far the most important social networking site and should be, Cluley maintains, leading the way in protecting its users.

“I think there are two possibilities with Facebook. One is that they simply don’t get privacy and security. The only other possibility is that they don’t care. I’d like to think it’s still possibly the first one and they might learn – but I’m beginning to increasingly suspect it might be the second.”

Friendly Environment Helps Scammers

For the report, Sophos asked 1,273 users about their Facebook experiences. Two-thirds of the sample claimed to have been spammed and 43 percent claimed to have been targeted by phishing attacks. The reason is that users are in a seemingly secure environment and are much more likely to click on links that apparently come from friends than they are when responding to emails, Cluley said.

“I think [the scammers] are doing this because they find it easier to get their links and other dangerous stuff to people via social networks than they do by traditional email. That’s why we need Facebook, in particular – but there are others as well – to up their game when it comes to security,” he said. “They should be scanning every message to see if it contains a malicious link. They should be scanning to see if it contains spammy content. Just like Gmail, Yahoo and Hotmail do.”

He pointed out that the plans to issue every user with a facebook.com email address this year will introduce new opportunities for cyber-crime and will open people up to even more abuse.

Despite the fact that 82 percent of the survey sample felt that Facebook posed the biggest risk, the report indicates that the biggest and most successful attack of 2011 was the so-called “onMouseOver” worm that hit Twitter users. This cross-site scripting (XSS) attack hit several high-profile Tweeters.

WikiLeaks Attacks Show Corporate Threat

Cluley also warned of distributed denial of service (DDoS) attacks like those which followed the hounding of WikiLeaks and caused the site to switch hosting service repeatedly. The fact that a corporate site can be brought down by these DDoS attacks shows how vulnerable Web presence has become.

The problem is that senior managers do not realise the value of investments which successfully block DDoS attacks – simply because nothing much happens. Most companies will not invest in securing their Internet presence until something bad happens to them, says Cluley.

Education is the key to security awareness. Sophos has an educational toolkit for companies that want their staff to be more aware of the social networking threat. However, there are many areas where the average user lacks the knowledge of how to avoid malware.

“Many computer users still don’t realise that you can wind up with something nasty on your machine simply by visiting a Website,” Cluley said. “Over the year we saw an average of 30,000 new malicious URLs every day – that’s one every two to three seconds. More than 70 percent of these are legitimate Websites that have been hacked.”

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

Comments

  • It is because of security issues like these that stopped me not joining Facebook. Until they figure out how to gain my trust, I will not bother.

    Nice article BTW :)

  • I totally agree about FACEBOOK and their couldn't care less attitude to the info held on their site.
    My wife simply ticked the ' I Like ' button for something a friend sent her and since then she has received daily emails from people on a site called Be Naughty who are sending explicit photos and trying to meet her for sex. When I investigated the site it had made her some sort of member and even uploaded her profile picture from her FACEBOOK page.

  • There is so much literature about Facebook and its "policies", that users might know where they put their feet in.
    When a decent competitor will show up, things will change but until then you can do as Sue and pass your way.

  • Website and personal security is utterly important. It's good to have a reminder that we need to be aware of what we are clicking on and signing up to.
