Despite ongoing security concerns (the most recent of which is the koob worm), Facebook has been named the number 15 most trusted company in the US. A survey conducted by Ponemon Institute and TRUSTe, the Internet privacy trustmark company, has revealed a short list of what people feel are the most trustworthy companies around, in terms of Privacy Security.

The survey sample consisted of 6,486 adult consumers in the US, and resulted in 706 companies being named. 211 of these companies actually made the cut, including Facebook. So who took the number one spot? American Express, which was in the same position last year. eBay follows as the second most trusted company, with IBM, Amazon and Johnson & Johnson completing the top five.
Read the rest of this entry »

Over the past couple years, Facebook has been the subject of many privacy flaws and hackers are continuously generating new methods for phishing user passwords. Today XSSED posted about a new set of cross site scripting vulnerabilities. Now that the vulnerabilities have been posted, Facebook will most likely resolve the issues within hours but it’s clear that Facebook has become one of the primary targets for hackers online. According to Dimitris Pagkalos of XSSED, it’s not even safe to accept friend invitations from people you don’t know. “The reason is that a Facebook profile contains enough personal information which can be studied by fraudsters in order to create special phishing attacks or malware targeted to individual users or businesses.”
Read the rest of this entry »

According to IDG News Serivce, “A team of researchers have built a malicious Facebook” application. We’ve heard this before it and now we’ll here it again. Facebook applications can be used to “dupe large numbers of users into downloading a seemingly harmless application that actually performs a clandestine attack that can cripple a Web site.

Wait, can’t any website do the exact same thing? Yes it can! These researchers came up with a new way of attacking their victims though. As the article revealed:

The researchers developed an application called “Photo of the Day,” which serves up a new National Geographic photo daily. But in the background, every time the application is clicked, it sends a 600 K-byte HTTP request for images to a victim’s Web site.

Those requests, as well as those images, are not seen by someone using Photo of the Day, which the researchers have termed a “Facebot” application. The effect is a flood of traffic to the victim’s Web site, known as a denial-of-service attack.

The application remains listed on Facebook and still hasn’t been shut down. While I’m guessing this application will be shut down within the next few hours it’s interesting to see a known application which is testing vulnerabilities is allowed to run on the platform. Then again, monitoring all of the packets being transferred between the application and the user and still determining a packet is harmful is completely unlikely.

I’m not quite that the vulnerabilities described are unique to social networks. Instead it sounds like the argument is that there are more “vulnerable users” on social networks then any random website. I’m not sure I agree with this argument but I’ll leave you to decide.