Facebook Partners With WOT, Makes Other Security-Oriented Changes
Incredibly popular social networking site Facebook announced that as part of its commitment to offer users a safe experience on the internet, it made a few changes meant to protect the users from scam and spam. The first change Facebook made is to partner with WOT (Web of Trust), the free safe surfing tool that rates sites based on community members’ reviews. By partnering with WOT, Facebook can further improve its existing system that scans links to determine whether the websites associated with those links are spammy or contain malware.
The second change Facebook rolled out refers to clickjacking protection – clickjacking is when people with malicious intent trick users into clicking something they might not want to click on. Facebook’s defenses can detect clickjacking of the Facebook Like button, can block links to known clickjacking sites, and will issue an alert when something suspicious is uncovered. When something suspicious is detected, you will be asked to confirm your like before posting a story to your profile and your friends’ News Feeds.
The second change is meant to protect users from pasting malicious code into the browser’s address bar. People with malicious intent sometimes trick users to paste malicious code in the address bar, code that gets the browser to take actions (like posting status updates with fake links or sending spam messages to all Facebook friends) on those people’s behalf. When Facebook detects that potentially malicious code is pasted in the address bar, it will present the user with a notification.
The third change Facebook rolled out is that it made Login Approvals available for all Facebook users. This two factor authentification system is not new; what’s new is that it has been rolled out to all users. Activate Login Approvals and when you log in to Facebook from a new or unrecognized device, you will have to enter a code to prove that you’re really you. The code will be send as a text message to your mobile phone.
“If we see a login attempt from a device you haven’t saved, you'll be notified upon your next login and asked to verify the attempt,” explained Facebook Security Engineer Clement Genzmer. “If you don’t recognize this login, you'll be able to change your password with the knowledge that while some one else may have known your login credentials, he or she was unable to access your account or cause any harm.”
The second change Facebook rolled out refers to clickjacking protection – clickjacking is when people with malicious intent trick users into clicking something they might not want to click on. Facebook’s defenses can detect clickjacking of the Facebook Like button, can block links to known clickjacking sites, and will issue an alert when something suspicious is uncovered. When something suspicious is detected, you will be asked to confirm your like before posting a story to your profile and your friends’ News Feeds.
The second change is meant to protect users from pasting malicious code into the browser’s address bar. People with malicious intent sometimes trick users to paste malicious code in the address bar, code that gets the browser to take actions (like posting status updates with fake links or sending spam messages to all Facebook friends) on those people’s behalf. When Facebook detects that potentially malicious code is pasted in the address bar, it will present the user with a notification.
The third change Facebook rolled out is that it made Login Approvals available for all Facebook users. This two factor authentification system is not new; what’s new is that it has been rolled out to all users. Activate Login Approvals and when you log in to Facebook from a new or unrecognized device, you will have to enter a code to prove that you’re really you. The code will be send as a text message to your mobile phone.
“If we see a login attempt from a device you haven’t saved, you'll be notified upon your next login and asked to verify the attempt,” explained Facebook Security Engineer Clement Genzmer. “If you don’t recognize this login, you'll be able to change your password with the knowledge that while some one else may have known your login credentials, he or she was unable to access your account or cause any harm.”
