Security Risks: The Option to Respond to Comments on Facebook
Earlier this month we reported that the popular social networking site Facebook lets you respond by email whenever someone posts a comment. The whole thing went something like this: when someone commented on your status update, one of your photos or a Wall post, you would get an email notification about it; to respond to that comment you could reply directly to the email notification.
This feature was meant to make things simpler and more convenient for the Facebook user. Normally you would have to access your inbox to read the notification email, then access your Facebook account, then respond to the comment. Thanks to this feature, after reading the notification email, you could just hit “Reply” and type your message – which would be sent to Facebook without you having to log in.
Turns out that there is a price to pay for this convenience – the price is security. A security problem with this “respond by email” feature has been discovered by F-Secure, a company that specializes in providing antivirus, antispyware, firewall and internet security tools for home users and businesses.
“Facebook recently published a nice new feature: Reply to this email to comment on this status. This seems like a very handy feature to have if you're trying to converse with friends on the go. But is it secure? As it turns out, based on our testing, anyone can use the Reply To address, from any e-mail account. Of course, the notification links are only sent to the account holder's primary e-mail, but we all know just how often e-mail accounts are phished/hacked, right?” said F-Secure.
Facebook generates a unique email address whenever a comment is posted on the social networking site. That email address’s job is to listen for replies. What F-Secure has discovered is that anyone, from any email address, can reply to that address – an address which is in plain sight, by the way. As long as someone can see your wall, that person can see your reply addresses.
F-Secure fears this could become a target for spammers, phishers and other people with malicious intent.
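The weakness described above comes down to what the server checks when a reply arrives. The following Python is an added example, not Facebook's or F-Secure's code: it models a reply handler that trusts the reply address alone next to one that also ties the reply to the account holder's primary e-mail. The secret, address format, user table and the `reply.example.test` domain are assumptions made for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"             # hypothetical server-side secret
REGISTERED = {"1001": "alice@example.test"}  # constructed: user id -> primary e-mail

def make_reply_address(user_id, thread_id):
    """Per-comment reply address; the HMAC tag binds it to one user and thread."""
    data = f"{user_id}.{thread_id}".encode()
    tag = hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:24]
    return f"c+{user_id}.{thread_id}.{tag}@reply.example.test"

def _owner_of(address):
    """Return (user_id, thread_id) if the address carries a valid tag, else None."""
    local = address.split("@", 1)[0]
    parts = local[2:].split(".")
    if not local.startswith("c+") or len(parts) != 3:
        return None
    user_id, thread_id, tag = parts
    expected = make_reply_address(user_id, thread_id).split("@", 1)[0].rsplit(".", 1)[1]
    return (user_id, thread_id) if hmac.compare_digest(tag, expected) else None

def accept_weak(raw):
    """Behaviour the article describes: the address alone authorises the comment."""
    msg = message_from_string(raw)
    return _owner_of(parseaddr(msg.get("To", ""))[1]) is not None

def accept_strict(raw):
    """Also require the sender to be the account's primary e-mail, with DMARC pass."""
    msg = message_from_string(raw)
    owner = _owner_of(parseaddr(msg.get("To", ""))[1])
    if owner is None:
        return False
    sender = parseaddr(msg.get("From", ""))[1].lower()
    # Assumption: the receiving MTA strips inbound Authentication-Results
    # headers and adds its own, so this value can be trusted.
    auth = msg.get("Authentication-Results", "").lower()
    return sender == REGISTERED.get(owner[0]) and "dmarc=pass" in auth

def sample(sender, auth):
    """Constructed inbound reply to a comment notification sent to user 1001."""
    return (f"From: {sender}\nTo: {make_reply_address('1001', '77')}\n"
            f"Authentication-Results: mx.example.test; {auth}\n\nNice photo!\n")
```

The strict handler still depends on the account's primary mailbox staying under its owner's control, which is the residual risk the F-Secure quote points at.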
Tags: Facebook, Security, F-Secure