Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Imperva Comments On Facebook Privacy Flaw

Imperva : 07 May, 2010  (Technical Article)
CTO at Imperva believes that the inherent nature of social networking sites like Facebook lends themselves to privacy issues and therefore reminds users to restrict content to information that they feel comfortable with sharing
A Facebook security flaw was picked up yesterday evening by a few users who found that they could view their friends live chats, see their friends pending friend-requests and which friends they had in common.

Amichai Shulman, CTO, Imperva gives some insight into the flaw: "It seems as though there is a 'preview' mode for your profile that should have been used when setting privacy options (this mode allows you to understand the effect of your new settings on what people see about you). There was a bug in that mode that actually allowed you to 'preview' not only your account but rather other people accounts as well.

The flaw was caused by a software bug and since the bug did not affect functionality but rather privacy and security it was not detected through the testing process. This is a key mistake by many organizations where testing is oriented towards what the application should do rather than what it shouldn't be doing. Social networks should test their applications more rigorously for security issues. However, with respect to privacy issues in social networking this is like telling a seaman 'avoid deep water'.

I think that they should be managing their risk properly and focusing on the real issues which are infections and worms. Social networking sites should focus on avoiding malware distribution through shared content. While I do think that they should strive to provide the required privacy, the essence of social networking platforms is making your personal information public. Losing control of it in the process should be accepted as an inherent risk.

Facebook or others cannot inherently do something different to prevent this from happening in the future. In a platform where sharing information is the DEFAULT, one must expect privacy breaches.

My advice to consumers is to reiterate that you should not put up anything on the internet that you are not willing to share with the world."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo