by Caspertwin13 November 2011
I have placed a few tips and some recent Facebook fixes which you may find helpful.
Facebook Security Tips by Kaspersky Lab
02 Nov 2011
After the spread across the Internet of several youtube videos and announcements by “Anonymous” on taking Facebook down, and then denying any “official” involvement in the announcement of the attack on November 5, Kaspersky Lab’s specialists highly rate the degree of protection of Facebook infrastructure against cyberattacks. The IT security team at Facebook proactively creates measures to protect users’ accounts and also the system itself.
Therefore, it’s most unlikely that the Facebook infrastructure will be affected by cyberattacks; however, hackers may still be able to get into some user accounts by breaking their passwords.
To protect an account on Facebook, it is recommended to follow sound security practices, such as:
* having a unique, complex password for every single online account
activating secure browsing (HTTPS) in Account Settings
* enabling login notifications in Account Settings
* enabling login approvals in Account Settings
* Making sure the operating system is up to date, including all third party software such as MS Office and Adobe Reader
* using a modern, secure browser such as Google Chrome
* on Windows, if not done already, considering upgrading to Windows 7 64 bits
* running a security suite such as Kaspersky Internet Security 2012
Make sure you use different passwords for your different online accounts. You should also make your passwords long and complex and change them regularly. Remember to avoid using dictionary words, words spelled backwards, repeated characters, or personal information.
Don’t respond to requests for personal information from unknown sources. Providing information such as your social security number or financial details may expose you to identity theft or other types of crime.
MESSAGES AND LINKS
Always use caution when clicking on a link or opening an attachment, even if it’s been sent or posted by a friend or other reputable source. If you have any doubt, get confirmation directly from the sender. Be especially wary of messages that include attractive offers or urgent requests, and watch out for links that require you to immediately provide a login and password. If you’re not sure whether the site you’re on is real or phony, type the URL (for example, http://www.facebook.com) directly into your browser address bar.
Make sure you have the most up-to-date version of your web browser, and that it’s equipped with anti-phishing protection. You can do this by checking the website for your browser company, or by going to the “Help” or “About” section in your browser program. Popular browsers include Firefox, Internet Explorer, and Safari.
Keep a clean machine. Make sure you’ve set your operating system to update automatically. You can do this from the “Settings” or “Preferences” menu. You should also have up-to-date comprehensive security software installed that includes anti-virus, anti-spyware, anti-phishing, and a firewall.
Facebook provides easy tools to help you keep track of your activity and logins, control the information you share, and prove your identity if you ever lose access to your account. Learn how to use these tools and similar ones on other sites so that you’re always in control.
If you come across a scam, report it so that it can be taken down. Facebook and other sites provide report links next to most pieces of content, as well as ways to report spam messages and emails. You should also report scams to the relevant authorities in your country.
Image by Spencer E Holtaway.
Back Up Your Account with SocialSafe
There’s a whole lot of data, and photos, in your Facebook account, and getting them all out is no small feat. SocialSafe, which costs just $3, lets you save all your photos, friends, photo albums, and even friends’ photos that you’re tagged in, along with your status updates. It doesn’t grab everything in and around your account, but enough to liberate you from feeling chained to the service. (Free Tools to Back Up Your Online Accounts)
Prevent Sites from Auto-Customizing Content with Your Facebook Login
You can turn off Facebook’s “Instant Personalization” service in your settings, but the reality of your Facebook login status following around the web, and occasionally allowing less scrupulous sites to glom on, is still there. Shut down access to your Facebook credentials from anyone except Facebook using Adblock Plus and custom filters.
Filter and Compress Your Activity Alerts
If you let Facebook dictate how it emails you about status updates, replies, “Likes,” and other changes, it will overwhelm you. If you leave it to yourself to check, you can just as easily overwhelm your willpower to avoid distraction. Compress all your Facebook notifications into one or two emails per day with NutshellMail, a social media aggregator that we recommended for filtering and managing your online social life and never missing important events—that last one set up so that event invitations come through right away, but friends tagging you in old college photos waits for your end-of-day web checks.
Find Out When Anyone Else Logs into Your Account
Maybe you left yourself signed in at a friend’s house. Perhaps you found out too late that you should have given your old cellphone a better wiping clean. However it is that you’re concerned about other people getting access to your account, you can wipe the slate clean and pin it down from your Facebook settings. As the Trouble Fixers blog explains, there are settings to get email or SMS notices whenever your account is accessed from a “new” device, be it a browser, phone, or other gizmo, once you wipe the slate clean and register your computers and phones as authorized. (Original post)
Get Back the Basic Privacy You Signed Up For
If you’d wanted everything you posted to be public, you’d use Twitter. If you wanted all your co-workers to see it, you’d send it over email. You signed up for Facebook to give a select group of friends access to the more private side of your life and thoughts, and you can get back to that kind of small-circle feeling. We’ve previously posted guides toFacebook’s simpler privacy controls, as well as getting back to what you first signed up for. Even with Facebook’s latest round of comprehension improvements, it’s still worth looking at what you might not know you’re sharing.
“Quit” Facebook While Still Staying in Touch
Facebook can be more trouble than it’s worth, especially for those who have anything approaching privacy concerns. Still, it’s becoming the world’s phonebook replacement, and some people still want to get messages and sign in for events when necessary. So go ahead and quit Facebook without actually quitting Facebook, by wiping out one account and building another with very limited access to prying eyes.
Strip Out Annoying Facebook “Games,” Quizzes, and Other Cruft
Sure, you can click on every single one of your friends’ indulgences to hide them, but there will always be another questionnaire, turn-based addiction machine, or other viral thing right around the corner. Wipe them all clean from your account with F.B. Purity(technically “Fluff Busting Purity”), a user script that installs on nearly every major browser and cleans away all those status updates you never want to see again. (Original post)
Stop Your Friends from Revealing Your Location
Facebook’s new Places feature? Yeah, it’s a lot like Foursquare, Gowalla, and other I’m-here-right-now apps. The big difference is that your Facebook friends can, by default, check you in somewhere without your knowledge. To prevent letting everyone else publish your social calendar, you can disable Facebook Places, or just disable your friends’ ability to geo-tag you
Facebook fixes ID cookie glitch
by BBC 28 September 2011
Facebook has said that it has “fixed” cookies that could have tracked users after they logged out of the site.
He concluded the company might still be able to track members’ web browsing after they logged out, albeit only on websites that integrate with Facebook.
The Australian privacy commissioner is reportedly investigating the issue.
In a statement, the firm told the BBC that it had done nothing wrong.
“There was no security or privacy breach—Facebook did not store or use any information it should not have. Like every site on the internet that personalises content and tries to provide a secure experience for users, we place cookies on the computer of the user.
“Three of these cookies on some users’ computers inadvertently included unique identifiers when the user had logged out of Facebook. However, we did not store these identifiers for logged out users. Therefore, we could not have used this information for tracking or any other purpose. In addition, we fixed the cookies so that they won’t include unique information in the future when people log out.”
The blogger who first highlighted the issue, Nik Cubrilovic, wrote about the issues in detail on his blog on Sunday.
He said that he had informed Facebook about the issue a year ago but there was no response from the firm until his blog post was widely reported across the net.
In an update to his blog Mr Cubrilovic acknowledged the changes that Facebook had made.
“Facebook has changed as much as they can change with the logout issue. They want to retain the ability to track browsers after logout for safety and spam purposes, and they want to be able to log page requests for performance reasons,” he said.
“I would still recommend that users clear cookies or use a separate browser,” he added.
Most cookies perform basic tasks like storing your login details or personal preferences.
But some track the sites users visit, which means that they may be presented with adverts for products or services they researched on the web once they visit other unrelated sites.
Consumer concerns over this type of cookie led to a new EU directive, with online firms across Europe currently working out how they can allow users to opt out of these bits of code.
Facebook Denies Vulnerability, Then Quietly Fixes It
Facebook has apparently fixed a vulnerability in its social-networking site after insisting it wasn’t a weakness and didn’t need to be remedied. The sender and the recipient did not have to be confirmed friends. Power, who notified Facebook on Sept. 30, found that Facebook parses part of a POST request to the server to see if the file being sent should be allowed. Usually, executable files are rejected.Nathan Power, who works for the technology consultancy CDW, updated his blog on Tuesday to reflect that the flaw had been fixed. The problem allowed a user to send another user an executable attachment by using Facebook’s “Message” feature. But Power found that if he modified the POST request with an extra space after the file name for the attachment, it would go through. If a victim accepted the file, the person would still need to launch it in order for malicious software to be installed. The danger is that Facebook could be used for so-called spear phishing, or targeted attacks with the intention of loading malware on a victim’s machine. The style of attack has been successful against companies such as RSA, which leaked information related to its SecurID authentication and disclosed the issue in March. At least one defense contractor was subsequently attacked following the RSA breach. Facebook’s security manager, Ryan McGeehan, said in a statement last week that a successful attack using the vulnerability would require social engineering and also would only allow the attacker to send an obfuscated renamed file to another user one at a time. Facebook this week continued to insist that a fix was not necessary.
Facebook fixes message bug but still denies it may help to spread malware November 4th, 2011 by Viruses.com Source: theregister.co.uk
As you know, Facebook normally blocks the exchange of executable files and does not allow attaching executables to messages to prevent the risk of malware. However, security blogger Nathan Power reports that after adding the space to the end of a filename it has been possible to avoid this restriction and send messages not only to your contacts. Of course, after being notified Facebook fixed this problem immediately but still denies that this fix was necessary The statement from Facebook announces that users have never been at the risk of malware because there is more than one security layer which protects people from being infected unnoticeably for the victim. In addition, they claim that Facebook Messages has antivirus protection that scans every message for malware and malicious links. However, they claim that they spent some time for the further investigation and determined which scenarios were behaving undesirably. Emails with malicious executables seem to be one of the most popular ways to attack unaware users. By tricking users into opening them, vulnerable systems can get infected very easily what additionally leads victims to data loss, identity theft or unexpected money transfer from their bank accounts. We highly recommend avoiding opening suspiciously looking emails and the ones that come from people you don’t know.