Facebook founder Mark Zuckerberg was hacked last month.
On December 7, more than a dozen private photos of Zuckerberg were
leaked to photo-sharing site Imgur under the headline, "It's time to fix
those security flaws Facebook." The social network later confirmed that
the flaw was the result of a recent code push and was live "for a
limited period of time"--affecting not just Zuckerberg's account, but
also an undetermined number of others.
This latest security problem comes one week after Facebook agreed to settle FTC charges
that it deceived consumers by telling them they could keep their
information on Facebook private, then allowed it to be shared and made
public.
Unfortunate timing for Facebook, no doubt. But, according to Mike Geide, senior security researcher at Zscaler ThreatLabZ,
a cloud security company, Facebook has stepped up its security measures
in the last year, though "there's certainly room for improvement," he
says.
"Hackers are getting more and more sophisticated with their attacks,"
Geide says. "Facebook credentials that are stolen and sold underground
are a huge commodity--kind of like email addresses are for spammers."
As hackers up the ante with attacks, Facebook users need to take
extra precautions and exercise better judgment to ensure their
accounts--and their personal information--stay safe. Here are four ways
to do so.
1. Enable SSL Encryption
In the past, Facebook used HTTPS--Hypertext Transfer Protocol
Secure--only when you entered your password. If you've shopped or banked
online, you might also notice this amped-up security feature, denoted
by a small lock icon that appears in your address bar, or just a green
address bar. Facebook can now apply SSL encryption to all browsing done on
the site, and enabling it is strongly recommended if you use public computers or
access points, such as at coffee shops, airports or libraries.
To enable this security feature, visit your Account Settings page,
then choose "Security" from the options on the left side of the screen.
Here, you'll be able to see whether this option, "Secure Browsing," is
enabled or disabled. Click "Edit" to enable it.
Do note that encrypted pages take longer to load in this mode and that not all third-party apps may support it.
2. Be Wary of Information You Share
The information you share
in your profile may seem harmless, but particular pieces are popular
"ins" with hackers. Take, for example, your birthday. This piece of
data, Geide says, is sometimes used in security questions. Disclosing it
at will could put you at risk.
Geide also recommends opting out of the feature that lets you--and
your friends--check you into places. Here's how to find this setting:
Navigate to your Privacy Settings page and click "Edit Settings" next to "How Tags Work." Then, turn it off.
Geide says that hackers use your location data not just for physical-world attacks
such as stalking and robbery, but for social-engineering attacks, too.
One example of this: messaging you to say, "Hey, I met you at XYZ
conference last week," in order to obtain more information or promote a
malicious link.
3. Use Applications and Games Sparingly
In the past, rogue Facebook apps
have spammed users and hijacked accounts. Facebook has since put a
number of safety protocols, such as App Passwords, in place to better
vet its apps and ensure security.
App passwords are one-time passwords you use to log into your apps,
without needing to enter your Facebook password. To get an app
password, go to your Account Settings, then select the Security tab.
Click "Edit" next to App Passwords, then follow the prompts.
Geide also recommends carefully reviewing the permissions granted to Facebook apps before you install and use them.
"Applications may use a number of permissions. Because of this, it is best to limit your applications to those that you actually use and have a level of trust for," he says.
Specifically, Geide recommends paying careful attention to which
applications have the ability to write on your wall or message friends,
as this could be used to propagate something malicious. Also, check to
see what information the application is able to access about you and
what content it can read--for example your wall, posts and photos.
"Think about the actual expected behavior of the application," he
says. "And if the level of access that it is requesting doesn't seem
needed for its functionality, the chances are that it's doing something
in addition to what it is advertising."
4. Log Out of Facebook When You're Done
When you're finished browsing Facebook, be sure you log out, Geide
says. "This will prevent threats, such as 'Likejacking,' that leverage
logged-in sessions to Facebook," he says.
Likejacking is a form of clickjacking, a malicious technique that tricks users into "liking" a site, and posting a status update about it, that they never intended to like.
One example of this: In June 2010, hundreds of thousands of users
fell victim to likejacking after clicking links that read, "LOL This
girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE," and,
"This man takes a picture of himself EVERYDAY for 8 years!!"
After clicking the link, users were asked to "click here to
continue." The following page contained a clickjacking worm that posted
content to the users' walls.
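Logging out helps because a likejacking page only works while the browser still carries a valid logged-in session for the target site: the bait page loads that site in an invisible frame over the "click here to continue" button, and a click does nothing useful without the session. That is the user-side defense. The site-side defense, which postdates this article and is not part of it, is for the site to refuse to be framed via the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive. The following added example (my code, not from the article or from Facebook) is a small audit routine that classifies a page's response headers by whether they block framing; the header sets it runs over are constructed sample data.

```javascript
// Added example: classify HTTP response headers by whether they stop the
// page from being embedded in a frame, the server-side defense against
// clickjacking/likejacking. Sample header sets below are constructed.

// Return the source list of a CSP frame-ancestors directive, or null if the
// policy has no such directive. An empty list means "frame-ancestors" with no
// sources, which browsers treat the same as 'none'.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0] && parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Decide whether a header set protects against framing. CSP frame-ancestors
// wins over X-Frame-Options when both are present, as browsers do.
function assessFramingProtection(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  const csp = h['content-security-policy'];
  if (csp) {
    const sources = parseFrameAncestors(csp);
    if (sources) {
      if (sources.length === 0 || sources.includes("'none'")) {
        return { protected: true, reason: "CSP frame-ancestors 'none'" };
      }
      if (sources.includes('*')) {
        return { protected: false, reason: 'CSP frame-ancestors allows any origin' };
      }
      if (sources.every((s) => s === "'self'")) {
        return { protected: true, reason: "CSP frame-ancestors 'self'" };
      }
      return { protected: true, reason: 'CSP frame-ancestors limited to listed origins' };
    }
  }

  const xfo = h['x-frame-options'];
  if (xfo) {
    const value = xfo.trim().toUpperCase();
    if (value === 'DENY' || value === 'SAMEORIGIN') {
      return { protected: true, reason: `X-Frame-Options ${value}` };
    }
    // ALLOW-FROM was never widely supported; browsers that do not understand
    // the value ignore the header and allow framing.
    return { protected: false, reason: `X-Frame-Options value "${value}" is not reliably honoured` };
  }

  return { protected: false, reason: 'No anti-framing header; page can be loaded in a hidden iframe' };
}

// Constructed sample responses, one per outcome.
const SAMPLE_RESPONSES = {
  unprotected: { 'Content-Type': 'text/html' },
  xfo: { 'Content-Type': 'text/html', 'X-Frame-Options': 'sameorigin' },
  csp: { 'Content-Type': 'text/html', 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  cspWildcard: { 'Content-Security-Policy': 'frame-ancestors *' },
  allowFrom: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};

// Run the check over every sample and return a name -> verdict map.
function auditAll(responses = SAMPLE_RESPONSES) {
  const report = {};
  for (const [name, headers] of Object.entries(responses)) {
    report[name] = assessFramingProtection(headers);
  }
  return report;
}

console.log(JSON.stringify(auditAll(), null, 2));
```

The routine only reads headers, so it can be pointed at a site's own responses to confirm the protection is actually being sent; note that a missing header on even one logged-in page (a Like button endpoint, for instance) is enough for a likejacking page to frame it.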
If you have forgotten to log out of Facebook from a computer or
mobile device, you can do so remotely. From your Account Settings page,
click the "Security" tab on the left. Select "Edit" next to Active
Sessions.
The list shows where you're logged in on other devices, when you last
accessed each session, and which device was used. To log out of
any of the sessions, just click "End Activity."
By Kristin Burnham, CIO