Likejacking — One More Reason to NOT Trust Facebook — by Stephen Mahaney

It appears that Facebook's approach to security and privacy can be summed up in three words.

Ready, Fire, Aim.

As everyone seems to now know, Facebook made a bunch of changes to make their privacy settings more, uh ...granular in order to supposedly give users more control. But it seems that backfired and caused a huge uproar that mobilized both privacy and consumer advocates and politicians as well. It also opened up security breaches which further compromised the privacy of many of their users. What's clear is that Facebook didn't ask, they just went ahead and did it. And, for the most part, people hated the changes and Facebook is now rolling some of them back. But in the end, they chipped away a net gain of privacy concessions begrudgedly now accepted by their users.

But the real news should be that Facebook's process is broken. Their modus operandi (MO) is to roll out their changes without thinking them entirely through. This, of course, creates a certain amount of confusion among users while providing apparently ample opportunities for unscrupulous types to exploit the loopholes left behind by Facebook's poorly planned and badly executed changes.

So, it should come as no surprise that, during this past weekend holiday, their so-called Like button became the means by which hundreds of thousands of facebook users became infected with the Viral clickjacking 'Like' Worm. According to sophos.com the infected users fell for "a social-engineering trick which allowed a clickjacking worm to spread quickly."

Sophos further explains that "visiting users are tricked into "liking" a page without necessarily realizing they are recommending it to all of their Facebook friends."

To learn how to avoid being infected, or to find out if you have already been infected and what you can do about it, see the sophos.com article. In the meantime, perhaps you should be afraid to use Facebook... perhaps very afraid. Otherwise you risk becoming just one more piece of collateral damage as a result of their Ready, Fire, Aim way of doing things ...oops, sorry.

Share |

Top Privacy News From Around The Web

Facebook in Privacy Breach
Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds.

Survey: Privacy doesn't matter to kids engaging in risky online behaviors. McAfee survey states that children are coming of age with the belief that privacy doesn't matter anymore.

If You Want Privacy on Facebook, You Should Pay for It. At least one Web CEO thinks Facebook could do a better job of protecting privacy if they charged fees for its services!

How to Boost Your Privacy on Facebook, One Post at a Time. Want to share but not with everyone? Here's how to select who sees what.

Facebook Failing to Tackle Likejacking. Likejacking attacks are scams that exploit Facebook's 'like' button. Attack automatically updates user's profile saying they 'like' a specific page.

Facebook Rebukes Privacy Groups Says recent privacy simplifications are sufficient. Privacy advocates strongly disagree!

Privacy Uh-Oh: Droid Incredible Takes Secret Screenshots of your Browsing History! Not even a full factory reset will delete them!

HTC Droid Incredible Privacy Concerns Emerge. Takes snapshots of the websites you visit. Here's how to manually delete them!

Facebook '09 Revenue Neared $800 Million. Apparently Facebook's financial performance is even stronger than previously believed!

Online Privacy: Your Life Is an Open Book. For $2.95 a month, anyone can find your name, age, ethnicity, marital status, religion, politics, address, home phone number, mobile phone number, e-mail address, social networking profiles, photos, videos and blogs.

WebPrivacy.com

Likejacking — One More Reason to NOT Trust Facebook — by Stephen Mahaney

Top Privacy News From Around The Web