Facebook security practices questioned in wake of Anonymous threat
August 11, 2011 by admin
Filed under Lingerie Events
Even as the shadowy hacker group Anonymous threatens to take on the mighty social-networking site Facebook, claiming the group
will ‘kill’ Facebook on Nov. 5, some researchers are criticizing Facebook security, saying it could be better.
More on Facebook: Facebook to pay hackers for bugs
“We started testing the site and reporting vulnerabilities to them,” says Mandeep Khera, chief marketing officer at security
firm Cenzic about Facebook, which in late July started a bug bounty program encouraging researchers to confidentially report
any security issues directly to Facebook. But Khera says Facebook brushed off the issues Cenzic raised in the last few days about some weaknesses the security firm
believes it has identified in Facebook log-in and passwords, among other things.
However, Khera says Facebook yesterday apparently corrected one issue regarding ineffective session termination using Internet
Explorer browser, which occurred when the user logged out using IE and backspaced a few pages, a refresh of the Facebook page
automatically logged you in again. “They said they can’t reproduce the vulnerability but it looks like they fixed it,” Khera
says.
Cenzic is criticizing the password system that Facebook uses, which Khera says is six characters and “takes 30 seconds to
crack.” He also faults Facebook for not having SSL on for the initial user registration. “This can be sniffed by anyone,”
he says. He also complained about Facebook’s auto-password-complete function, saying, “As a good practice, it shouldn’t complete
the password automatically.” He faulted Facebook’s “bad login message” because he says it tells too much in saying you didn’t
enter the right email for example.
But after Cenzic reported these findings to Facebook, “they came back and said, the password and SSL stuff, these are ‘best
practices,’ not ‘vulnerabilities,’” Khera says. “So our response was, shouldn’t you be following best practices since everyone
is hacking you?”
The hacker group Anonymous today allegedly threatened to ‘destroy’ Facebook on Nov. 5, accusing the social-networking site
of spying on users, cooperating with authoritarian governments and abusing people’s privacy. However, because the alleged
Anonymous notification did not originate from better-known sources of Anonymous communiqués to the public, some are questioning
whether this is an authenticate Anonymous threat at all. Anonymous, however, has proven diligent in carrying out threats it has made in the past.
Cenzic is offering developers for social-networking sites a free “healthcheck” vulnerability assessment using Cenzic’s cloud-based
offering, ClickToSecure Cloud.
Read more about security in Network World’s Security section.
Share and Enjoy
Google+ social network gets games
August 11, 2011 by admin
Filed under Lingerie Events
SAN FRANCISCO |
SAN FRANCISCO (Reuters) – People who use Google Inc’s social network Google+ will be able to play games, a feature available on its biggest rival Facebook.
A new page on Google+ allows access to a variety of games and updates about games that people’s friends are playing, Google said in a blog post on Thursday.
Google first will offer 16 games from third-party developers, including the popular Angry Birds game.
Adding games is a fresh challenge to Facebook, the world’s No.1 social network with more than 750 million users.
Games are one of Facebook’s most popular features, with Zynga’s Farmville and Electronic Arts division Playfish’s Restaurant City drawing millions of users every month.
Google, which has made an unspecified investment in Zynga, will offer Zynga Poker on Google+.
Google launched its social networking service in June, signing up more than 10 million users in the first two weeks.
Social networking has become a priority at Google, the world’s No. 1 Internet search engine company, whose position as the main gateway to online information could be at risk as people spend more time on sites such as Facebook and Twitter.
Google said it will roll out games gradually on Google+, and will make the game feature available to everyone “soon.”
(Reporting by Alexei Oreskovic. Editing by Andre Grenon and Robert MacMillan)