Tuesday, November 9, 2010

Examining the Security Implications of Facebook Messages

Facebook has officially launched its new “modern messaging system,” and as Mashable’s walkthrough of the new features illustrated, there’s a lot to like about the company’s approach to unifying the social inbox.

While Facebook should be applauded for some of the privacy settings built into its new messages system — for example, you can choose against receiving messages from people not on a trusted list — we can’t help but question some of its security implications.

The biggest advantage of a system like the new Facebook messages, which involves the ability to aggregate and combine all of your communications channels in one place, also makes our security sense go a little haywire.

Facebook Is Now More of a Target

To be clear, we’re not necessarily talking about the security of Facebook’s servers or its login system. By and large, Facebook has a pretty solid track record in regards to keeping its systems clean.

Instead, what we fear is that the continued use of phishing scams, tools like Firesheep and other forms of social engineering will make the bounty of information encompassed within a Facebook account that much more of a target.

Facebook is already the fourth largest online phishing target, and the spate of attacks using the social network has only increased in recent months. Rogue Facebook apps and augmented e-mail scams are just some of what Facebook users can already be expected to look out for in the current messaging system.

We’ll echo Graham Cluley from Sophos, who remarked that, “It will be critical for Facebook to implement more effective filtering mechanisms to prevent fraudsters from manipulating Facebook users into falling victim to new spams, scams and phishing attacks.”

Keep Vigilant
Furthermore, if users are going to transition to using Facebook as a central repository for social messaging, keeping your computers patched, your browsers up-to-date and your passwords unique is going to become even more important.

We’ve covered some tools that help manage and create hard-to-crack passwords [mashable link]. If you aren’t already using a uniquely generated password for Facebook, consider doing so.

Also keep in mind that if you choose to communicate with someone who has an @facebook.com e-mail address, what you send is being archived and stored in their messages account. This is true for all hosted e-mail platforms, but most e-mail accounts aren’t tied seamlessly to your social graph. When celebrities or politicians have their e-mail accounts hacked [mashable link], it’s often a reminder of just what sort of information we all have that we might not want to be made public.

Our Questions for Facebook
Because Facebook’s new messaging system is still rolling out, we have some questions for the company regarding how it will handle security, malware and spam.

Some as-yet-unanswered questions include:
  • How will Facebook deal with spam messages that are sent from a user you call a friend? As we’ve seen in the past, it’s not difficult for rogue apps to take over your message account and send malware links or spam to people on your friends list.
  • What types of attachments can be sent and received via Facebook.com e-mail addresses? Will these attachments be scanned for malware before being delivered to your inbox?
  • Will Facebook consider enforcing SSL logins for messaging?
  • How will Facebook sandbox the Facebook.com message system from the information that is available to app developers? Yes, we know applications aren’t supposed to be able to access certain information anyway, but how will Facebook.com e-mail data be segmented from any other application layers?

It’s too early to be too critical or too fawning of Facebook’s new message system. That said, we do think it’s important to point out the very real security implications inherent in any platform that encompasses so much potential information.

Do you trust Facebook to be your e-mail provider?
[via mashable]