Security Risks: The Option to Respond to Comments on Facebook
Article by George Norman
On 28 Jan 2010
Earlier this month we reported that popular social networking site Facebook lets you respond by email whenever someone posts a comment. The whole thing went something like this: when someone commented on your status update, one of your photos or a Wall post, you would get an email notification about it; to respond to that comment you could reply directly to the email notification.

This feature was meant to make things simpler and more convenient for the Facebook user. Normally you would have to access your inbox to read the notification email, then access your Facebook account, then respond to the comment. Thanks to this feature, after reading the notification email, you could just hit “Reply” and type your message – which would be sent to Facebook without you having to log in.


It turns out that there is a price to pay for this convenience – the price is security. A security problem with this “respond by email” feature has been discovered by F-Secure, a company that specializes in providing antivirus, antispyware, firewall and internet security tools for home users and businesses.

“Facebook recently published a nice new feature: Reply to this email to comment on this status. This seems like a very handy feature to have if you're trying to converse with friends on the go. But is it secure? As it turns out, based on our testing, anyone can use the Reply To address, from any e-mail account. Of course, the notification links are only sent to the account holder's primary e-mail, but we all know just how often e-mail accounts are phished/hacked, right?” said F-Secure.

Facebook generates a unique email address whenever a comment is posted on the social networking site. That email address’s job is to listen for replies. What F-Secure has discovered is that anyone, from any email address, can reply to that address – an address which is in plain sight, by the way. As long as someone can see your wall, that person can see your reply addresses.

F-Secure fears this could become a target for spammers, phishers and other people with malicious intent.
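
The gap described above is that possession of the reply address is the only thing checked. The following added example (not Facebook's or F-Secure's code) shows an inbound reply handler that binds the address to one recipient and one comment and also checks the sender; the address format, domain, key, account table and the `sender_authenticated` flag (standing in for an upstream SPF/DKIM/DMARC verdict) are all assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"           # constructed; a real key lives in a secret store
REPLY_DOMAIN = "reply.example.invalid"     # hypothetical reply domain
PRIMARY_EMAIL = {42: "alice@example.org"}  # constructed table: user_id -> primary email

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_reply_address(user_id, comment_id, ttl=86400, now=None):
    """Build an address bound to one recipient, one comment and an expiry time."""
    expires = int(time.time() if now is None else now) + ttl
    payload = f"{user_id}.{comment_id}.{expires}"
    return f"c+{payload}.{_sign(payload.encode())}@{REPLY_DOMAIN}"

def accept_reply(to_addr, from_addr, sender_authenticated, now=None):
    """Return (user_id, comment_id) if the reply may be posted, else None."""
    now = int(time.time() if now is None else now)
    local, _, domain = to_addr.partition("@")
    if domain != REPLY_DOMAIN or not local.startswith("c+"):
        return None
    try:
        uid, cid, exp, sig = local[2:].split(".")
        uid, cid, exp = int(uid), int(cid), int(exp)
    except ValueError:
        return None                        # malformed local part
    expected_sig = _sign(f"{uid}.{cid}.{exp}".encode())
    if not hmac.compare_digest(sig.encode(), expected_sig.encode()):
        return None                        # forged or altered address
    if now > exp:
        return None                        # stale notification
    # Knowing the address is not enough: the sender must also be the
    # account holder, and the From header must have been authenticated.
    owner = PRIMARY_EMAIL.get(uid)
    if owner is None or not sender_authenticated:
        return None
    if from_addr.strip().lower() != owner.lower():
        return None
    return uid, cid
```

The sender check only holds if the mail system has actually authenticated the From domain, since a bare From header can be set to anything.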

Tags: Facebook, Security, F-Secure
About the author: George Norman
George is a news editor.