70 replies to this topic

[Tifany]

I found your website yesterday while looking for help with my PC, and so far I think it's great! (I placed my problem in the malware removal forum)

But I have a question about the social networking sites. I've always been extremely cautious about what I do & where I go on the internet. My dad had issues with his computer a couple of years ago when his niece got on myspace using his computer. He was sure it had to be myspace that caused the problem. Anyway, because of that, I'd always avoided myspace, didn't really think I needed it. Well, my oldest child is 12 and she complains that all her friends have myspace. I argue that 12 is too young, I'm sorry. But it got me thinking, she will be using the internet more on her own and in a few years doing the myspace, so I figured I better check it out. At first I didn't have any problems, and I signed my husband up as well. On both myspace & facebook. My husband is way less cautious than I am on the internet and clicks on anything. Drives me crazy, he's messed up my computer so many times. Anyway, around that time we started getting the popups and the browser was hijacked. (I didn't really understand what was going on till I came here, I'm really clueless here)

My question is, are the networking sites really bad about spyware and all that? My husband started playing mafia wars on facebook and I'm just wondering if these applications are okay to use? Could this be where I got the spyware? I also went to a lyrics site a few months before, but I didn't notice any problems after going there. It really only happened once I signed my husband up. lol, must be his fault!

[snemelk]

Most social networking sites, like Facebook or MySpace, are safe to use... However, because of their popularity, criminals are using them to spread malware... There are various methods they're using - like sending spam messages, luring to download malicious file, etc... Sometimes it may appear that a message is posted by your friend, but in fact, it's malicious...

More to read for example on these sites:
Facebook - Koobface worm spreading again
MySpace Pages Rigged with Bad Script
New worms target both MySpace and Facebook users
Koobface Worm Alive and Wriggling
Bogus Facebook, Malware, and a Dancing Girl
New Variant of Koobface Worm Spreading on Facebook

Just learn how to avoid such infections!.. .

[Tifany]

Most social networking sites, like Facebook or MySpace, are safe to use... However, because of their popularity, criminals are using them to spread malware... There are various methods they're using - like sending spam messages, luring to download malicious file, etc... Sometimes it may appear that a message is posted by your friend, but in fact, it's malicious...

More to read for example on these sites:
Facebook - Koobface worm spreading again
MySpace Pages Rigged with Bad Script
New worms target both MySpace and Facebook users
Koobface Worm Alive and Wriggling
Bogus Facebook, Malware, and a Dancing Girl
New Variant of Koobface Worm Spreading on Facebook

Just learn how to avoid such infections!.. .

Thank you so much snemelk! It looks like I have much to learn! Kind of overwhelming. I will keep at it though!

[jedi]

This article is a good place to start.

How did I get Infected?

jedi

[Tifany]

This article is a good place to start.

How did I get Infected?

jedi

Thank you jedi. I've read that article and will probably be referring back to it quite regularly. I have to see if I can get my husband to read it!

[solibytes]

Sometimes it may appear that a message is posted by your friend, but in fact, it's malicious...

How can you tell if the message is legitimate?

Up to date I have kept clear of social networking sites and have deleted emails that said 'so and so has added you to their list of friends, click on the link......etc'

I am not too sure if I am being paranoid! (Just because they are out to get me )

Cheers

solibytes

[snemelk]

Sorry for a late reply...

How can you tell if the message is legitimate?

One thing to watch out for is if that message is typical to that person... As far as I know (I don't use these sites... yet), there is often an encouragement to see a video of some sort, and in order to see it you need to download and install a codec - there is a pretty good chance the file downloaded will be malicious... You can always check that file for example on VirusTotal to have some certainty over its harmfulness... As long as you don't run file downloaded, nothing bad should happen...

Up to date I have kept clear of social networking sites and have deleted emails that said 'so and so has added you to their list of friends, click on the link......etc'

I don't get such messages so I can't tell if they really come from these social networking sites... However, I suppose they have a system of some sort which checks member's e-mail contacts to see if they've already joined their site... So it may be that someone just sent you an invitation... ..

[screen317]

If you get e-mails from Myspace or Facebook saying "So and so has added you as a friend," it may not be legitimate. Do not click on the link in the e-mail; rather, log on to your account and see if there are actually any friend requests.

How can you tell if the message is legitimate?

The nature of the message (as snemelk said, usually accompanied by a link to a video or pictures) should tip you off.

If the link is masked, looking something like this...

check out my pix from last night!!

... and you are unsure, right click it in Firefox, select "Copy Link Location," and do a Google search for the URL. It is likely that someone has come across the site in the past. People will post about those dubious links...

[Drabdr]

... and you are unsure, right click it in Firefox, select "Copy Link Location," and do a Google search for the URL. It is likely that someone has come across the site in the past. People will post about those dubious links...

That is so simple, yet... I have never thought about doing that. What a safe way to check the legitimacy of a link. Thank you, screen317.

[DragonMaster Jay]

One of the big things to look out for as well is social engineering tricks. These criminals are constantly trying to get people to "sell" or "hand over" their personal information. One way these criminals work in this social engineering environment include phishing - which is a fraudulent process to obtain personal information (passwords, date-of-birth, etc.). Another way these criminals work is called "pretexting" - which is a scenario presented to the user to persuade them to release their own personal information. The other ways are basic trickery ways, including the use of applications (to steal info) on Facebook and MySpace - and the use of rogue applications (to attempt the distribution of malware).

One example of a big trick includes the MySpace.com fake login pages. A user clicks a link in an email, friend's MySpace page, a message, a comment, in the forums, on blogs, in a search engine, on other sites related to MySpace (themes, playlists, etc.), and application pages - and are redirected to a page that looks like a login page for MySpace, but is actually a phishing/pretexting scam. By looking in the address bar to see if they were on MySpace.com, they could have saved their password from being stolen. However, users are so unaware, and much of the users of MySpace are between the ages of 14-22.

[snemelk]

May be a good read:

The Dangers of Social Networking

Social Networking is the one area of the Internet that nearly every computer-literate person indulges in these days. (...) However, since these platforms attract so many people – most of whom are blissfully unaware of the need for online security – they also draw in the cybercriminals who are out to make a fast buck from the unwary users.

The threats out there can range from just the basic spam advertisement that we all find in our inboxes, to the more sophisticated scams designed to steal your Social Network account credentials, or ultimately, to infect your computer with a Backdoor. This can result in the loss of your private data and your money, not to mention endangering the people around you also. (...) To keep yourself safe, you need not only to follow some basic rules yourself, but also raise the awareness of your friends too!

[snemelk]

7 Things to Stop Doing Now on Facebook

Using a Weak Password

Leaving Your Full Birth Date in Your Profile

Overlooking Useful Privacy Controls

Posting Your Child's Name in a Caption

Mentioning That You'll Be Away From Home

Letting Search Engines Find You

Permitting Youngsters to Use Facebook Unsupervised

Full article at above link...

[snemelk]

The sexiest video ever? Facebook users hit by Candid Camera Prank attack

...thousands of Facebook users have woken up to discover messages posted on their walls, seemingly by their Facebook friends.
(...)
...according to reports from users it told them that their video player was out-of-date and urged them to download a file.

Users then report that the same video was posted (using their avatar and name as though they had posted the message) to their Facebook friends and acquaintances, thus spreading even more quickly.

Video presenting the method of attack at above link!...

[snemelk]

The 101 hottest women in the world?

In the last two weeks thousands of Facebook users fell for a so-called likejacking scam. A link on Facebook invites you to see for example the 101 hottest women in the world and leads you to an external website. No matter where you click on the webpage, a message saying that you "like" the link will be automatically displayed on your Facebook wall and in the news section for your friends, waiting for your friends to be clicked again and again ... and again. Sex stills sells!

---------------------------

Like-/Clickjacking:

Clickjacking Attack Targeting Shark Week

CPA (cost-per-action) affiliates who have been running clickjacking scams on Facebook for quite some time now were quick to capitalize on the 2.6 million daily Shark Week viewers by creating a Facebook application which advertises a “shocking video” of a girl being attacked by a shark.

Clicking on the video link starts a clickjacking attack which causes you to automatically “like” and spam the link out on your wall. At this point, all of your friends will see that you “liked” this “video” and soon they might be affected as well.

Okay, so where is the video? There is no video! These attackers are employing CPA (cost-per-action) affiliate schemes which earn them money each time a victim completes a task, such as a survey.

The best way to avoid these attacks is stay clear of anything that tries too hard to get your attention. The terms “shocking”, “news breaking”, “OMG”, and “You gotta see this” are typically great indicators of a potential clickjacking attack.

Edited by snemelk, 26 August 2010 - 11:04 AM.

[snemelk]

I've just found this article in PDF by TrendMicro - worth reading: Security Guide to Social Networks

This document will cover the most common areas of attack using social networks and will recommend ways of minimizing
risks. The goal of this paper is not to stop you from participating in social networks but to enable you to use
them more safely.

TABLE OF CONTENTS:

PRIVACY IN A CONNECTED WORLD: DATA MINING IN SOCIAL NETWORKS

CREATING LARGE NETWORKS

WHEN CODE BREAKS

BEST PRACTICES

[snemelk]

The truth about the Facebook Knob Face worm

Please don't share virus warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Malware can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are "doing the right thing" by sharing the warning with their friends.

[snemelk]

Worth reading:
(use menus on the right to navigate...)

1.
Facebook: The privacy challenge

Facebook has nearly 500 million active users and a reported 700,000 new people joining the social networking website every day. But how carefully do Facebook users consider their online privacy?

2.
Sophos's recommendations for Facebook settings

ID fraudsters target Facebook and other social networking sites to harvest information about you. Here's how we recommend you set your Facebook privacy options to protect against online identity theft.

[MoJo Risin&039;]

Thanks to all for the great info, tips and inside skinny on social networking. At this time, I do not do facebook, MySpace, Twitter, IM's, etc. However, some of my friends have urged me to do so and praise their benefits. I have always been leery to sign on to these sites, and if I do eventually decide to engage in this activity, I will now be more aware of how to avoid the dangers and pitfalls that I know inherently reside anytime one uses these types of public networks.

[snemelk]

Thanks to all for the great info, tips and inside skinny on social networking.

I'm glad you like it!!

At this time, I do not do facebook, MySpace, Twitter, IM's, etc. However, some of my friends have urged me to do so and praise their benefits.

I use some of the social networking "channels"/sites - but I regard it as a way of being in a quick and easy contact with my friends...


And this is why you should really think about your privacy settings on Facebook (and possibly other sites):

100 million Facebook pages published on torrent site

A compilation of Facebook pages (and personal information) of 100 million users of the popular social network is available for download on a torrent site, courtesy of hacker Ron Bowes of Skull Security.

Those pages are by no means secret - anyone who uses a search engine can view them, since the users in question haven't tweaked their privacy settings in such a way as to be exempt from a search, and they are therefore part of Facebook's open access directory. But, there is no doubt that having them all in one place will be a godsend to anyone bent on data mining.

Followed by: The Facebook Data Torrent Debacle: Q&A

As Bowes pointed out in a blog post, someone could use this data as a starting point to find other publicly available user data on Facebook. After all, you have to wonder how many of these 171 million Facebook users have publicly exposed e-mail addresses, phone numbers and other information on their profiles?

It has been proven time and again that the more a bad guy knows about you the greater your security risk is.

[snemelk]

Facebook Places broadcasts your location

On Wednesday Facebook unveiled a new service called Facebook Places. This service allows you to share your exact location by "checking in" to that place and letting your friends know that you are there.

Facebook states that this feature is designed to help you become more social and to find friends who may at the same location as you. On the darker side, services like this also broadcast that you are not at home, which allows people with a criminal intent more access to your information and location. Therefore, make sure you only allow your friends to see your location and not to set it to Everyone.

Edited by snemelk, 26 August 2010 - 11:06 AM.

[snemelk]

6 Things You Should Never Reveal on Facebook

The whole social networking phenomenon has millions of Americans sharing their photos, favorite songs and details about their class reunions on Facebook, MySpace, Twitter and dozens of similar sites. But there are a handful of personal details that you should never say if you don't want criminals — cyber or otherwise — to rob you blind, according to Beth Givens...

(...)

Your Birth Date and Place

Vacation Plans

Home Address

Confessionals

Password Clues

Risky Behaviors

[snemelk]

An official site: Facebook Security - with lots of precious information - some security tips, a list of current threats on Facebook, and the security in Facebook related news... If you have a Facebook account, consider using the Like! button to receive the updates...

While doing some research, I came across a very useful Facebook security feature - check the account security settings:
- you'll be able to see the recent activity on your account
- you can also approve the devices you commonly use to log in and then to be notified whenever your account is accessed from a device you haven't approved

Staying in Control of Your Facebook Logins | Facebook

Facebook Moves to Thwart Cybercrooks

For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device.

We'll also send you an immediate email notification - and if you want, a text message - so that you're always up to speed on how your account is being accessed.

(...)

We've also built a new system to block suspicious logins before they happen. When we see that someone is trying to access your account from an unusual device, we'll ask the person to answer an additional verification question to prove his or her identity as the real account owner.

[Charmz]

These sites are safe, just be sure you don't fall into traps. [I.E We are having some problems, for security reasons please tell us your password.]

[snemelk]

This is a very interesting enterprise: A Parents' Guide to Facebook created by Anne Collier and Larry Magid of ConnectSafely.org; published in partnership with the iKeepSafe Coalition...

It’s designed to help you understand what Facebook is and how to use it safely. With it, you will be better informed and able to communicate with young Facebook users in your life more effectively.

...provides parents with the perspective and how-to information they need to help their teens optimize their privacy and safety on Facebook.

The guide features hands-on, step-by-step instructions and illustrations, as well as parenting points on safety, privacy, and reputation protection. It covers both cellphone- and computer-based use of Facebook and the site's newest features, including Places, Groups, and the latest privacy updates.

Links to the downloadable (and/or printable) PDF version and the at-a-glance chart can be found here: A Parents' Guide to Facebook

[Drabdr]

Not sure how many of you Facebook, but if you have more than, like 2 friends , I would imagine you have seen this one:

Girl Who Killed Herself after dad posted on Facebook

I have been reading as much as I can on this one, but haven't found any good write-ups. I'm not sure if there is really anything malicious about it or not.

This writeup at least had some of the actual content of what has been spreading, but some of the comments in there about seemed a bit weak:

I mean, would you summarily make this claim?

Furthermore, there's no such thing as malware that you can't remove so the claim that it "will not allow you to delete it" is nonsense too.

Like everywhere else, the message is simple: if it does not look familiar, looks out of character, or too good to be true, don't click on it. But many seem to learn that one the hard way.

[snemelk]

Like everywhere else, the message is simple: if it does not look familiar, looks out of character, or too good to be true, don't click on it. But many seem to learn that one the hard way.

Well said!.. Anyway, people are just curious, they want to know some shocking news, and if the message appears to be posted by your friend, you're more eager (or rather do not hestitate) to click on it...

Looks like so called "survey scams" have been a big problem recently on Facebook, like this one: Your own email @facebook.com? Beware Facebook survey scam... You risk revealing much of your personal data...
Sophos posted on their blog a video on How to clean-up your profile after a Facebook survey scam...

[Drabdr]

Looks like so called "survey scams" have been a big problem recently on Facebook, like this one: Your own email @facebook.com? Beware Facebook survey scam... You risk revealing much of your personal data...
Sophos posted on their blog a video on How to clean-up your profile after a Facebook survey scam...

Good finds. Thank you for posting.

[snemelk]

I really don't like that move: Rogue Facebook apps can now access your home address and mobile phone number

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.
(...)
Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

Originally information posted by AplusWebMaster here: #402

-------------------
Edit: currently "temporarily disabled": #403

Edited by snemelk, 25 January 2011 - 06:27 PM.

[snemelk]

Stealth Mode: Making Yourself Nearly Invisible on Facebook

Growing tired of the Facebook privacy scandals, I tried to leave the social network, but you need to be a member now to access a number of outside websites. How can I get around this?

[The Dark Knight]

Stealth Mode: Making Yourself Nearly Invisible on Facebook

Growing tired of the Facebook privacy scandals, I tried to leave the social network, but you need to be a member now to access a number of outside websites. How can I get around this?

Thanks for the information snemelk! I have just recently updated all of my privacy settings on Facebook so that none of my personal information can be seen by people I don't know but that article was quite helpful as well. I definitely recommend Facebook users have a read and make some changes to their settings in the interests of privacy!

[snemelk]

I definitely recommend Facebook users have a read and make some changes to their settings in the interests of privacy!

This time, Facebook has added a very useful (from a security point of view) feature: secure browsing (https) - A Continued Commitment to Security

Starting today we'll provide you with the ability to experience Facebook entirely over HTTPS. You should consider enabling this option if you frequently use Facebook from public Internet access points found at coffee shops, airports, libraries or schools. The option will exist as part of our advanced security features, which you can find in the "Account Security" section of the Account Settings page.

By default, it's not automatically enabled... Personally, if I was to log into my Facebook account (or any other password protected account) from an unsecure network (like a Wi-Fi network in Starbucks), I would do it only if I was sure the connection is fully encrypted - otherwise, someone can easily sniff the network packets...
So, if you regularly use unsecured Wi-Fi networks (on airports, in cofee shops, etc.) to access your Facebook account, I suggest you enable secure browsing (https) as soon as it's available...

Also on: Facebook steps up security, but it’s opt-in? | Naked Security

----------
Edit: Also found in this video: Using Advanced Security Features [HD]

If you're ever unsure about the security of a network or computer you're using, try Facebook's advanced security features. Learn how to use them in this video.

Edited by snemelk, 28 January 2011 - 05:13 PM.

[snemelk]

Looks like so called "survey scams" have been a big problem recently on Facebook, like this one: Your own email @facebook.com? Beware Facebook survey scam... You risk revealing much of your personal data...
Sophos posted on their blog a video on How to clean-up your profile after a Facebook survey scam...

How to spot a Facebook Survey Scam (facecrooks.com)

So why do they go through all of this trouble? In a word – MONEY! What the scammers don’t want you to know is that each time someone completes one of their silly surveys they get paid.

Some of the scams require you to provide your name, address, date of birth, cell phone number, etc. This information can be used by marketers, hackers and identity thieves to wreck havoc in your personal and financial life. If the scam requires you to enter your cell phone, there is a good chance that you are signing up for premium services. It is imperative that you keep a close watch on your phone bill, so you can contest and reverse any bogus charges.

If the scam required you to download Frogger or some other file, there is a good chance that your system has been compromised and infected with some sort of malware. You should immediately disconnect your computer from the internet and run a complete system scan with a trusted and reputable anti-virus program.

[snemelk]

Heh... - with so many users Facebook has, that social networking site looks sometimes like a criminals/fraudsters' playground...
If you've been following reports on Facebook scams, you have probably already completely lost track of it - looks like there are a few new scams every day (enough to take a look here: Facecrooks Home Page) - if you intend to click on something, think at least twice...
Facebook security team does a pretty good job at detecting and removing threats, but still the user is the weakest link - learn how to avoid the scams, beware suspicious links...

A good news now: Facebook’s New Features Help Prevent Bullying / Details on Social Reporting

How many times have you found your “friends” posting a very unflattering picture of you on Facebook only to find that they would not remove it? If it has never before happened to you, then you’re lucky. But others aren’t quite as lucky and have to suffer through all the embarrassment and shame. Facebook’s new features, however, have made it easier to stop bullying behavior by bringing in the community’s participation.

[snemelk]

A New Suite of Safety Tools | Facebook

During President Obama's White House Conference on Bullying Prevention last month, we announced plans to expand our existing safety resources with new content for families. Beginning today, you can visit the newly redesigned Family Safety Center. There, you'll find useful articles for parents and teens and videos on safety and privacy, as well as many other resources. In the coming weeks, we'll also be providing a free, downloadable guide for teachers, written by safety experts Linda Fogg Phillips, B.J. Fogg and Derek Baird. We hope this guide will help educators with social media in the classroom.

[snemelk]

A downloadable guide for teachers, mentioned in the previous post, can be found here: http://www.scribd.co...Educators-Guide

---------------------

11 tips for social networking safety (Microsoft Security Center)

1. Use caution when you click links that you receive in messages from your friends on your social website.

2. Know what you've posted about yourself.

3. Don't trust that a message is really from who it says it's from.

4. To avoid giving away email addresses of your friends, do not allow social networking services to scan your email address book.

5. Type the address of your social networking site directly into your browser or use your personal bookmarks.

6. Be selective about who you accept as a friend on a social network.

7. Choose your social network carefully.

8. Assume that everything you put on a social networking site is permanent.

9. Be careful about installing extras on your site.

10. Think twice before you use social networking sites at work.

11. Talk to your kids about social networking.

---------------------

Keeping You Safe from Scams and Spam (Facebook Security)

Partnership with Web of Trust
This partnership will help us improve our system by providing additional bad links, and in the coming months, we expect to massively increase our coverage even more by working with other industry leaders.

Clickjacking protection
We have built defenses to detect clickjacking of the Facebook Like button and to block links to known clickjacking pages.

Self-XSS Protection
We have been working hard to improve our systems that detect and block these types of attacks, as well as to educate people on what is causing their accounts to send spam. Now, when our systems detect that someone has pasted malicious code into the address bar, we will show a challenge to confirm that the person meant to do this as well as provide information on why it’s a bad idea.

Login Approvals
Our newest advanced security feature, Login Approvals, is now available to everyone who uses Facebook. This is a two factor authentication system that we first announced last month. If you choose to use it, whenever you log in to Facebook from a new or unrecognized device, we’ll require that you also enter a code we send to your mobile phone via text message.

[The Dark Knight]

This is extremely important:

6. Be selective about who you accept as a friend on a social network.

It's a big issue on Facebook, as people add someone as their friend, and then start adding friends of that person or vice versa. Of course, these people then have access to all your information (unless you've changed your privacy settings) and you may not have even met them! It happens a lot at school and university at the moment, so it's something I would definitely recommend people keep in mind when they use sites like Facebook.

It's amazing how many people you don't actually know if you prune through your "friends" on Facebook; I've done it a couple of times recently and found quite a few people I don't even remember adding! Definitely a worry if you are not keeping an eye on your privacy.

[snemelk]

3 steps to protect yourself from Facejacking » CounterMeasures

It’s sometimes difficult to believe but our social networking accounts have become, in many cases, a part of our lives which we entrust with a wealth of sensitive information and personal correspondence. Social media is rapidly overtaking email and instant messaging as the preferred communication medium of a generation, our personal and professional lives coexist within a single inbox that holds in some cases not just our messages but also our more frivolous chats.

(...)

Facebook have built in some great features to stop even a person who has your password from accessing your account, this stuff isn’t new, it’s just underused and under-publicised. If you regularly log in from the same device or devices, you can train Facebook to recognise those machines.

[snemelk]

Facebook Privacy: An Easy How-to Guide to Protecting Yourself (ESET Threat Blog)

Privacy settings on Facebook - an overview...

[snemelk]

Heh, this morning I logged into my Facebook account and immediately got a strange chat message from one of my acquaintances: "Hi, Wanna laugh?" - I knew it was fake so I replied and waited for some link to be posted (always a chance to get a "virus" sample), unfortunately I did not get one - some Facebook's security feature must have blocked it... Anyway, it looks like there have been quite many cases recently when attackers use Facebook chat to perform their attacks: Active Facebook Scams - August 23, 2011

Facebook Chat is being used heavily by scammers right now to prey on unsuspecting users. This method of attack can be very successful. The scams are engineered so that it appears the person is receiving legitimate chat messages from a Facebook friend. This can make someone more trusting and ultimately click on the scam link, which of course is the scammer's main goal. Always be suspicious of any links you receive via Facebook Chat. Talk with your friend and ask them questions only they would know.

If your friend posts such fake messages, there is a possibility that his/her account is compromised, here are some good ideas on what to do in such a situation: Four Things you need to do if your Facebook account gets hacked ...


One another thing worth mentioning - Facebook has recently published their official security guide:
A Guide to Facebook Security (PDF) - for young adults, parents and educators; protect your Facebook account, avoid the scammers, use advanced security settings, recover a hacked account, stop imposters...
I took a quick glance and it looks like it describes in simple English some important factors when it comes to social networking...

[snemelk]

Link: Facebook Partners With Websense To Protect Users From Malicious Sites And Malware (TechCrunch)

Facebook is announcing a partnership with security firm Websense today, in order to protect its users from dangerous links that lead to malicious websites and malware sites. Going forward, when a Facebook user clicks on a link, the new system will first check the link against Websense’s system to determine whether or not it’s safe.

If it’s not, a message is displayed warning the user that the link is potentially harmful and suggests you return to the previous page.

[snemelk]

Twitter related information this time: Horrible blog going around about you? Or a Twitter phishing attack?

You may not realise it, but your Twitter account is worth money.

Cybercriminals are keen to compromise your Twitter account, so they can spam out messages (either as public tweets, or less obvious direct messages to your online friends) in the hope that some recipients will click on the links.

[snemelk]

Over the past few years we have introduced a number of new security tools - Login Approvals, Login Notifications, and One Time Passwords to name a few. In addition, we have developed several back-end systems to help keep you and your data secure. To better illustrate the full range of these features and show how they all work together to keep you safe while on Facebook we are releasing this infographic. Check it out to learn more about our security infrastructure and an overview of the tools available to all our users to increase their level of account security.

Everything you ever wanted to know (and more) about Facebook security infographic can be found here: LINK

[snemelk]

Another, a little older though, infographic - concerning privacy:

Infographic Compares Privacy in Facebook vs Google+ | PEER 1 Hosting Blog

With lists, groups, and now Google+’s circles, the tangle of ever-changing terminology around the social web can be exasperating. But one thing is for certain, social networks are a way of life for most people on the planet – there are 750 million registered users on Facebook, 600 million of them are active monthly, and over half on a daily basis. With all these users, comes a massive amount of sharing. But do you know what you are actually sharing? And more importantly, who is seeing the information and what is being done with it?

[snemelk]

One another infographic: Facebook Attacks - Summary for 2011 - Facebook attacks in 3 stages...

Available from this site: January 2012 -Internet Threats Trend Report (a link to the infographic is on the right)...
And a direct link to the infographic: Infographic-Facebook-attack-trends-in-2011.jpg

[snemelk]

A new article on TechSupportForum: A Guide to Facebook Security – What are the risks?

With over 600 Million active users, Facebook has become the largest and most widely used social networking site in existence. However, this widespread usage has not been without its risks. Due to its nature as a social networking site, as well as its huge popularity, Facebook is a rich target for identity theft and malware writers. This guide is intended to be a general guide to Facebook security, and while by no means exhaustive, will hopefully provide you with a general overview of the threats you might encounter.

[snemelk]

On Sophos' blog: What do I do if my Twitter account is hacked?

I thought it might be a good idea to provide a step-by-step guide to recover from some common attacks people fall victim to, beginning with Twitter.

There are two primary methods for your Twitter account to become compromised. Either you authorized a malicious application to connect to your account, or your password was guessed/stolen.

[snemelk]

The Always Up-to-Date Guide to Managing Your Facebook Privacy

Keeping your Facebook info private is getting harder and harder all the time—mostly because Facebook keeps trying to make it public. To help you out, we've created a comprehensive guide to keeping your Facebook locked down and in your control, and we're going to keep it updated whenever Facebook decides to add a new feature or change its privacy defaults... yet again.

[snemelk]

Link: Facebook teaches users how to kill adware

Curious to know who's been checking you out on Facebook? Tempted to see who's visited your timeline? Itching to pick out your own timeline theme? Maybe something with palm trees or flamingos?

(...)

In fact, if you click on the promotions, what they actually often deliver is adware; software that automatically renders advertisements.

Such software can "cover your account with ads, make your pages load slowly, and compromise your security," Facebook Security advises in a video posted last week.


(...)

One sign that you've been infected with Facebook-aware adware is the appearance of ads in banners in the center, top or left column on Facebook. Facebook never puts legitimate ads in these spots. Ads that flash or automatically play sounds are suspect as well

[snemelk]

Link: What you need to know about Facebook sneakily swapping users' default email addresses to @facebook.com

However, the social network didn't make clear that it would also be making the @facebook.com email addresses the default address displayed to your online friends.

(...)

If you don't want your @facebook.com email address to be displayed on your profile, you should change your settings.

(...)

As we described extensively in our examination of the Facebook messaging system, the @facebook.com email addresses are likely to prove attractive targets for spammers hawking goods and malicious links.

If you don't like such a wide variety of people being able to send you messages, you will need to change your settings.

- Click the account menu at the top right of any Facebook page and choose "Privacy Settings".
- Next to the "How You Connect" heading, click "Edit Settings".
- Select your preference from the dropdown menu next to "Who can send you Facebook messages?". Remember that "Everyone" means not just everyone on Facebook, but everyone on the entire internet

Facebook will have to implement effective filtering mechanisms to prevent fraudsters from exploiting users with spam, scams and phishing attacks as a result of this opening up of the network's messaging system.

[snemelk]

This one is interesting...

Need a debit card? Twitter account exposes photos of debit and credit cards

The account, @NeedADebitCard, names, retweets and shames those Twits who post pictures of their credit or debit cards on the social networking site.

With its bio listed as "Please quit posting pictures of your debit cards, people", the account has gained over 5000 followers in a little over a month.

One polish computer security related site (» Zdjęcia kart kredytowych prosto z Twittera -- Niebezpiecznik.pl --) gave two other examples of sites, which publish some publicly available information from sources like Facebook or Twitter:

- Please Rob Me (probably not fully functional at this moment: Are We All Asking to Be Robbed?)
- We know what you're doing... A social networking privacy experiment by Callum Haywood - "...and we think you should stop."


A hint: always think twice before posting something online!!