Comments on: Facebook attacks likely to rise http://www.commondork.com/2009/01/30/facebook-attacks-likely-to-rise/ A personal foray into information and network security. Fri, 16 Dec 2011 09:26:38 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Adam http://www.commondork.com/2009/01/30/facebook-attacks-likely-to-rise/comment-page-1/#comment-6 Adam Tue, 03 Feb 2009 04:20:48 +0000 http://www.commondork.com/?p=211#comment-6 Excellent points Bryan. In regards to your third point, perhaps Facebook could issue an API key or prompt a user for a password that would easily enable their profile to be frozen. By frozen I mean temporarily shut down or unavailable to any other member of Facebook or the web robots. Not only would this help prevent an incident like yours but would also increase the forensic abilities of Facebook and possibly the authorities if the situation warrants their involvement. Obviously the management of this API key or password would be critical but might be something worth looking into. Any which way you look at it though I agree Facebook does need to upgrade their security and security awareness. Excellent points Bryan. In regards to your third point, perhaps Facebook could issue an API key or prompt a user for a password that would easily enable their profile to be frozen. By frozen I mean temporarily shut down or unavailable to any other member of Facebook or the web robots. Not only would this help prevent an incident like yours but would also increase the forensic abilities of Facebook and possibly the authorities if the situation warrants their involvement. Obviously the management of this API key or password would be critical but might be something worth looking into. Any which way you look at it though I agree Facebook does need to upgrade their security and security awareness.

]]> By: Bryan http://www.commondork.com/2009/01/30/facebook-attacks-likely-to-rise/comment-page-1/#comment-5 Bryan Mon, 02 Feb 2009 22:34:21 +0000 http://www.commondork.com/?p=211#comment-5 Rutberg here. Good points all. As a tech professional I really am aware of the risks. My feeling is not that I should not have been hacked; that's just human nature. Bad guys will hack and bad guys will try to con innocents like my friends. My points are, 1. that FB could do more to authenticate users and make it harder for hackers to take over users' pages 2. FB could do more to educate users, both *generally* about how to avoid hacking (such as your excellent advice above) and to watch out for scammers if a friends' page should be hacked; and *specifically* by highlighting current scams to its users. Awareness and a vigilant service provider equals fewer opportunities for hackers. It's like policing - sometimes you just wanna move the bad guys along to the next block and make it someone else's problem. FB is big enough now that they should have an education program. 3. FB *must* provide a way for users to get their pages shut down more quickly if they do fall victim to id theft and a hacked page. It took me an unnecessarily long time to get my page shut down, and *I* got lucky due to my cousin's connection who works at FB. If I hadn't had that connection, the scammer could have operated for a lot longer using my account. Thanks for increasing the exposure of this story. Rutberg here. Good points all. As a tech professional I really am aware of the risks. My feeling is not that I should not have been hacked; that’s just human nature. Bad guys will hack and bad guys will try to con innocents like my friends. My points are,

1. that FB could do more to authenticate users and make it harder for hackers to take over users’ pages
2. FB could do more to educate users, both *generally* about how to avoid hacking (such as your excellent advice above) and to watch out for scammers if a friends’ page should be hacked; and *specifically* by highlighting current scams to its users. Awareness and a vigilant service provider equals fewer opportunities for hackers. It’s like policing – sometimes you just wanna move the bad guys along to the next block and make it someone else’s problem. FB is big enough now that they should have an education program.
3. FB *must* provide a way for users to get their pages shut down more quickly if they do fall victim to id theft and a hacked page. It took me an unnecessarily long time to get my page shut down, and *I* got lucky due to my cousin’s connection who works at FB. If I hadn’t had that connection, the scammer could have operated for a lot longer using my account.

Thanks for increasing the exposure of this story.

]]>