Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Sophos Warns On Rogue Facebook Application

Sophos : 18 January, 2011  (Technical Article)
Application on Facebook is able to recover home addresses and telephone numbers from user profiles warns Sophos
IT security and control firm Sophos is advising users of Facebook to remove their addresses and phone numbers from the site, after the social network plunged itself into controversy by announcing to developers that users' off-site contact details will now be accessible programmatically.

In a move that, in the opinion of a Sophos security expert, could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.

"This change isn't as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data," explained Graham Cluley, senior technology consultant at Sophos. "But it still sounds like a recipe for disaster, given the prevalence of rogue scam applications already on Facebook - all of which benefit from apparently being blessed by the Facebook name and brand."

Facebook is already plagued by rogue applications that post spam links to users' walls, point users to survey scams that earn them commission - and sometimes even trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, rogue app developers will find it easier than ever before to gather even more personal information from users.

Sophos believes that Facebook should be making a more publicly visible effort to eliminate rogue application providers first, before opening up such valuable and easily abused personal information to its developer community.

"Facebook told its alleged one million app developers how to ask users for permission to access this newly liberated data late on Friday night, but we already know many users don't bother reading the small print and just click the button without thinking of the consequences," continued Cluley. "What they've failed to do is explain how Facebook will become more safety-conscious now that it has taken this controversial step."

Suggestions are flying around Twitter that users should change their mobile number to that of Facebook's US customer service line, thus ensuring that any misuse of this new feature ends up paining Facebook.

Sophos advises that all Facebook users do the following:

* Remove your address and phone number from Facebook immediately. If Facebook doesn't have this information, it can't let it fall into the wrong hands. And you can't be accused of deliberately giving false information.

* Review all your Facebook privacy settings.

* Join the Sophos facebook page for ongoing information about security risks and how to avoid them.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo