Aug 09

After the recent outbreak of a worm that hacked users' Facebook accounts and spread through their contacts, Facebook responded with a post offering users general tips about web security. Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post with advice to Facebook users, including:

As a Facebook user you can help us protect you by doing the following things:

* Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.

* Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it’s from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.

Never entering your credentials on a non-Facebook site is very good advice, which most users should know by now and should adhere to. The problem is that Facebook does not seem to support these same principles when it comes to a user's credentials from other sites, such as a user's Google username and password, which Facebook requests when a user imports their contacts. The screenshot below is from Facebook; it's the feature where a user can log in to their Google, Hotmail or Yahoo account, from within the Facebook site, to retrieve their contacts.

This very feature directly contravenes what Facebook has stated in its own good security advice. While the message below the box does state that they do not store passwords, the point is more that the practice of users directly entering credentials from another site is a very poor design decision and generally very poor practice. Each one of the sites that Facebook integrates with supports OAuth or a similar authentication protocol that does not require the user to enter both their username and password. Better yet, most of those services also provide an API where the user can grant permission to Facebook to only access their address book, and not their whole email and certainly not every other service tied into it.

The Facebook security team have stated what is good practice on their blog; perhaps it's time for them to direct their energies internally and evangelize support for OAuth and other open data formats as both a more secure and convenient mechanism for data exchange.


Source: Nik Cubrilovic


Aug 08

Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post tonight addressing the worm attacks on Facebook we wrote about earlier today. His advice to Facebook users: report suspected malware, and try not to share your password with anyone.

Kelly also says Facebook blocked the ability to link to the malicious website from anywhere on Facebook, although a blacklist approach like this is a never-ending battle. The real solution on an individual level is to bail out of Windows to Mac or Linux where you are (relatively speaking) safe from these kinds of attacks. Of course, if too many of you do that, those operating systems will be targeted next.

A more general solution relies on an awareness campaign about these social hacks by the major sites like Facebook and MySpace. Eventually users will learn to avoid the newest trap, and the bad guys will be forced to invent yet more creative ways to get into your computer.


Source: Michael Arrington


Aug 08

According to data released today by comScore, both Facebook and MySpace still trail Japan’s leading social network Mixi.jp by a wide margin, despite recent pushes by both networks to expand in the country. While Facebook’s Japan site has grown threefold in the last year, it still has only about 4% of the users that Mixi does (538,000 versus 12.7 million unique visitors in June).

The data confirm TechCrunch contributor Serkan Toto’s post last week that described why the two networks are largely failing in Japan. Toto explains that much of the problem stems from Facebook and MySpace’s late entry into Japan - it took both of them years to release localized versions, giving Mixi time to establish a stranglehold on the market.

According to Toto, another contributing factor has been a lack of changes made by MySpace and Facebook in response to Japan’s cultural differences (although both Facebook and MySpace argued that we missed key emerging partnerships and products they are developing). In Japan, many users are more concerned with security, privacy, and to some extent, anonymity - things that Mixi has placed more emphasis on than Facebook or MySpace.


Source: Jason Kincaid


Aug 07

Update: Facebook responds to malware attacks.

Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.

The worm spreads when a compromised user’s account is used to send messages to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.

A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.


Source: Michael Arrington


Aug 07

Facebook will announce later today that it is adding a “Features” tab to the “Insights” area of the application management page.

The new tab will give developers a greater range of statistics on application usage, including the number of canvas page views, clicks on profile boxes, confirmations of feed forms, and additions and removals of bookmarks (which have replaced application installations). Developers will be able to graph changes to these statistics over time and compare how daily counts fluctuate within particular time periods.

The Palo Alto-based social network claims to be adding this new tab in response to developers’ requests for more insight into how users are actually using their applications.


Source: Mark Hendrickson


Jul 24

Microsoft SVP Satya Nadella has announced that the company has expanded its deal with Facebook to integrate Microsoft’s Live Search into the social network. There are few details at this point, but Microsoft will be serving up advertising (both traditional and sponsored search results) through Facebook by the end of the year. Microsoft previously bought a $240 million stake in Facebook at a massive $15 billion valuation, in exchange for global advertising rights.

The news parallels the search deal that Google signed with MySpace in 2006, when it won the rights to provide search and advertising to the News Corp-owned social network, with a minimum rev share agreement of $900 million. Microsoft was also clamoring for search rights on MySpace at the time, but Google managed to beat it out by forging a hasty deal.

Google has had a hard time monetizing the search deal with MySpace, but it blames the underperformance on the difficulty with monetizing social networks in general. It’s probable that Microsoft will run into similar issues on Facebook, but it may be just as concerned with exposing users to Live Search as it is with generating revenue, at least in the short term. Back in 2006 Michael speculated that Microsoft may have been taking a loss on its initial advertising deal with Facebook, simply to beat out Google and get some traction in the advertising space. It may be taking a similar approach here.

Microsoft is eager to expand its Live search, which has languished far behind Google and Yahoo for years. In May the company launched an apparently desperate move to actually pay users for using the site through its Live Search Cashback program. That initiative has proven to be a success, increasing search usage by 15%. But Live search still trails Google and Yahoo by huge margins, accounting for only 9% of all search queries (Yahoo and Google account for 21% and 62% respectively).


Source: Jason Kincaid


Jul 20

StudiVZ, the Facebook clone (and by clone, we mean exact duplicate) in Germany, says in an email that they still haven’t received the lawsuit complaint filed by Facebook on Friday. The lawsuit claims intellectual property infringement and accuses StudiVZ of running a “knock-off” of Facebook.

StudiVZ says they “cannot comment in detail” about the lawsuit since they haven’t seen it yet. But that isn’t stopping them from talking smack about Facebook in general. StudiVZ says they’ve filed for a declaratory judgment in the District Court in Stuttgart, Germany “to have the responsible German court declare that the claims made by Facebook are without merit,” whatever they may be.

Marcus Riecke, the CEO of StudiVZ, goes on to call Facebook arrogant and says they are trying to create an international monopoly over social networking:

Now that Facebook, despite trying hard, has not been successful in the German market, the company seeks to obstruct studiVZ through court action. Their strategy appears to be: If you can’t beat them, sue them. There are numerous social networks. Facebook was not the first and certainly isn’t the only one. By attempting to harm studiVZ through a meritless California lawsuit, Facebook is arrogantly laying claim to an international monopoly over social networking sites that the facts show it does not deserve.

These comments would be credible if StudiVZ wasn’t such a direct ripoff of Facebook’s look and feel (see screen shot). Early versions of the StudiVZ site reportedly “borrowed” Facebook’s CSS files as well.

Perhaps StudiVZ could save themselves the legal bills and just hire a designer to come up with a unique profile and interface instead of posturing and filing counter suits in Germany.


Source: Michael Arrington


Jul 19

Facebook is pursuing social networks it believes have copied their design or features by suing German social network StudiVZ. The Financial Times has reported that Facebook filed a suit in the Californian Supreme Court against the German company for what it claims is an infringement of Facebook’s “look, feel, features and services”.

StudiVZ claims to have 10 million active members, and is the largest social network in the German-speaking world, covering Germany, Belgium and Switzerland. The network is actually comprised of three different sites; each one a separate social network aimed at different segments of the market. StudiVZ.net is the classic site for college-aged students, SchuelerVZ.net is for high school students and MeinVZ.net is for older adults (these three networks were very hard to decipher in German when I attempted to sign up).

Facebook does seem to have a claim here, as the German site looks like nothing more than Facebook in red and translated into German. Everything from the first public page to the sign-up page and the profile pages looks eerily similar to the US-based social network. StudiVZ was acquired earlier this year by the German media group Georg von Holtzbrinck, with an acquisition price in the €100M range. They always say to sue where the money is, and Facebook has certainly found a pile of it by targeting Verlagsgruppe Georg von Holtzbrinck.

Disclaimer: This is not the real Mark Zuckerberg profile in StudiVZ (at least we don’t think so).


Source: Nik Cubrilovic
