A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns. Why not just put a gun to your head? Facebook and Twitter? Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's Facebook pages, according to a blog by security vendor F-Secure.
The intent of the feature is to allow Facebook users to respond directly from their e-mail when they receive e-mail notifications that include messages that have been posted to their Facebook accounts. These messages could include personal attacks that seem to come from a user but are actually written by someone who has compromised that person's e-mail account, for instance. They can respond without having to go to the Facebook site first, eliminating a step and thereby saving time. Authenticating to the Facebook site before writing a reply drops out of the equation, so someone other than account holders can post. "They can put words in my mouth," he says. But eliminating that step can also leave a crack in Facebook's armor, according to F-Secure security adviser for North America Sean Sullivan. If a user's e-mail account is compromised via phishing or direct hacking, spammers can respond to any Facebook notifications they come across, Sullivan says.
Facebook users can opt out of receiving the e-mail notifications altogether by adjusting their settings. It has posted a demonstration of how this can work here. This story, "Facebook tool could be exploited by cyber-bullies," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.
0 comments:
Post a Comment