New in Facebook: Microsoft Koobface Protection, Public Search Vulnerability, New Ad Format
There are several news items that we have to report about the popular social networking site: the good, the bad, and the uninterested. The good news: Facebook sheds some light onto how Microsoft helps the social networking site be safe from the Koobface virus. The bad news: researchers from the University of Cambridge, UK, have discovered that Facebook profile data can be accessed via search engines and used for targeted phishing attempts. The uninterested news: Facebook is testing out a new ad format.
Starting with the good news, it seems that Facebook’s enhanced security (details here) has received a boost in the right direction courtesy of the Redmond software giant Microsoft. It seems that in the fight against the Koobface virus (a mass-mailing virus that lures users with subject titles such as “You look funny in this video” to a malware spreading site) Facebook has asked the Microsoft Malware Protection Center (MMPC) for assistance.
Principal Group Program Manager for the MMPC, Jeff Williams comments: “Our team researches malicious software and delivers technology to remove viruses and spyware. Recently, we've been working with Facebook to fend off a virus called Koobface, which has been affecting users of both the Windows operating system and sites like Facebook. In working with Facebook, we were able to add detection of Koobface to our Malicious Software Removal Tool (MSRT), which checks computers running Windows software to detect and remove viruses. By adding this threat to the more than 100 threat families already in MSRT, we're helping to protect hundreds of millions of people. Since releasing our newest version of MSRT two weeks ago, we've removed Koobface nearly 200,000 times from over 133,677 computers in more than 140 different locales around the world.”
Moving on to the bad news, a group of researchers from the UK have published a paper entitled “Eight Friends Are Enough: Social Graph Approximation via Public Listings” (read it here – PDF warning). According to this paper, the fact that search engines display data about your Facebook profile poses a security risk. The data one can attain with a simple Google search for example can be used to perform targeted phishing attacks.
Researcher Joseph Bonneau comments: “We focused on inferring information about a whole social graph...lists of every person and the connections between them. On the question of whether someone is a very important [or well-connected] person is difficult to tell with their specific profile, even if you have access to it. Facebook makes it difficult to crawl [this information], but it's easy to do in public search listings. You could do targeted phishing attacks if you knew people's [Facebook] friends and claim to be their friend.”
The uninterested news: Facebook is testing out a new ad layout that would have 5 ads (as opposed to just 3) with a wider layout displayed on the site. The following statement has been issued by Facebook, as reported by Chris Crum: “Facebook recently began testing a module that appears periodically in the right-side ad space that show relevant content in addition to the ads that would normally appear there. This content includes Facebook Pages of which a user's friends have become a fan, Events that a user's friends are attending, and people who are friends of a user's friends. While the advertisements are paid placements, the content is not, and is part of Facebook's ongoing efforts to surface relevant content and friend information in more places on the site. As with all tests, Facebook will evaluate user responses and make ongoing modifications to the features of the module.”
Starting with the good news, it seems that Facebook’s enhanced security (details here) has received a boost in the right direction courtesy of the Redmond software giant Microsoft. It seems that in the fight against the Koobface virus (a mass-mailing virus that lures users with subject titles such as “You look funny in this video” to a malware spreading site) Facebook has asked the Microsoft Malware Protection Center (MMPC) for assistance.
Principal Group Program Manager for the MMPC, Jeff Williams comments: “Our team researches malicious software and delivers technology to remove viruses and spyware. Recently, we've been working with Facebook to fend off a virus called Koobface, which has been affecting users of both the Windows operating system and sites like Facebook. In working with Facebook, we were able to add detection of Koobface to our Malicious Software Removal Tool (MSRT), which checks computers running Windows software to detect and remove viruses. By adding this threat to the more than 100 threat families already in MSRT, we're helping to protect hundreds of millions of people. Since releasing our newest version of MSRT two weeks ago, we've removed Koobface nearly 200,000 times from over 133,677 computers in more than 140 different locales around the world.”
Moving on to the bad news, a group of researchers from the UK have published a paper entitled “Eight Friends Are Enough: Social Graph Approximation via Public Listings” (read it here – PDF warning). According to this paper, the fact that search engines display data about your Facebook profile poses a security risk. The data one can attain with a simple Google search for example can be used to perform targeted phishing attacks.
Researcher Joseph Bonneau comments: “We focused on inferring information about a whole social graph...lists of every person and the connections between them. On the question of whether someone is a very important [or well-connected] person is difficult to tell with their specific profile, even if you have access to it. Facebook makes it difficult to crawl [this information], but it's easy to do in public search listings. You could do targeted phishing attacks if you knew people's [Facebook] friends and claim to be their friend.”
The uninterested news: Facebook is testing out a new ad layout that would have 5 ads (as opposed to just 3) with a wider layout displayed on the site. The following statement has been issued by Facebook, as reported by Chris Crum: “Facebook recently began testing a module that appears periodically in the right-side ad space that show relevant content in addition to the ads that would normally appear there. This content includes Facebook Pages of which a user's friends have become a fan, Events that a user's friends are attending, and people who are friends of a user's friends. While the advertisements are paid placements, the content is not, and is part of Facebook's ongoing efforts to surface relevant content and friend information in more places on the site. As with all tests, Facebook will evaluate user responses and make ongoing modifications to the features of the module.”
