Posts Tagged ‘Social Networking’
Trusting the Experts?
I wrote an article in the recent issue of the Technical Tidbits Newsletter about this, but now, the more I’m thinking about this whole instance, the more disturbed I’m becoming.
Yesterday morning, a friend posted a link to a Mashable article about a fishy Facebook app. According to the article, Facebook Fan Check Virus: Something Fishy Going On, it was being rumored that the app had a virus.
The author of the article, Stan Schroeder, discounts the claims because they found no proof of a virus (they I’m assuming is mashable) and it hasn’t been posted on any of the major vendor sites like McAfee or Symantec.
The article further went on to state that:
We believe that this is merely a two part hoax: on one hand, you have a defunct application that allegedly lets you see who’s been visiting your Facebook profile – which cannot work due to Facebook’s policies, and all applications claiming to do so are scams. On the other, spammers and malicious hackers are feeding the rumors around this application to lead people to search for a solution, and getting their computers infected by malware in return.
That is mashable’s official diagnosis – a hoax. I can retire now. Mashable “THE NAME” in social networking is now “THE NAME” in security!
I’m not coming down on Mashable. I think that they are an awesome source for social networking news, don’t get me wrong. But what I find a problem with is authorities in one field stating something as if they were an authority in another. Being an expert in social networking does not a forensic security expert make!
This whole Facebook app thing could very well be a hoax, however, some of the activity that’s being reported rings of a Cross Site Scripting (XSS) vulnerability! Is it? I don’t know! Facebook is supposedly investigating it as reported again by mashable in a related post.
What concerns me in this related post – which is also an alert – is this statement:
“….Facebook also tells us that they’ve “disabled some of its functionality due to other concerns.”
What other concerns? Are they (Facebook) suspecting Cross Site Scripting too? Perhaps we will find out that it is, or we’ll hear that it was a hoax. However, it seems like someone went really out of their way to create such an elaborate hoax by building a semi-working app?
But back to my concerns about this article and Mashable’s initial claims.
To have someone as credible as Mashable declare this potential security issue a hoax, does a disservice to the Internet community and gives way to more potential suspect activity if this thing is more than a pure hoax.
All I want to call to your attention is, just because a blog or website is popular, doesn’t mean they are the expert in all matters of the Universe – and security!
Be careful who you listen to and take advice from in the matter of security. You wouldn’t come to me to diagnose the pain in your stomach – I’m not a doctor. But if I started blogging medical information, would you reconsider that?
I think you see my point.
For all things social networking, go to Mashable. They are THE NAME IN SOCIAL NETWORKING NEWS. Warren Whitlock is THE NAME IN TWITTER AND SOCIAL NETWORKING for learning about it.
But when you have a security concern or suspect issue, I am here along with many other names in security that is their primary line of work and education.
Don’t trust your security to just anyone!
1 Comment »
Has Digg Dug its Grave?
My Gmail account has been empty as of late. No shouts from my Digg friends.
In fact, except for a few direct e-mails from a few of my Digg friends, I hardly ever visit there anymore.
Which leads me to the question of the day – has Digg dug its grave?
Several weeks, maybe even a month ago, Digg removed the ability to shout a post to your Digg friends. I vaguely remember that they also said they would give us a replacement for it, but I’ve yet to see a new solution.
The shouts were what I believed made Digg so user friendly and easy to maintain. Now, it’s tedious to remember to go back to Digg daily and see what’s going on.
Now, the only option is to share the article via e-mail, twitter, or Facebook.
Excuse me Digg, but I’m not going to take the time to purposely login to your site just to post to my twitter account and Facebook. Did you think you would just be able to ride the coattails of popular social networking sites without doing your own work?
Today in fact, except for a @mashable entry on the Top 5 Funniest Fake Facebook Pages, there’s not the same level of activity I’ve seen in the past.
Maybe it’s just me?
What’s your feelings about the removal of shouts in Digg? Do you think they dug their grave? Comments welcome!
Have a great week! I’m off to write this weeks Security Digest!
Debbie
4 Comments »
 |
 |
 |
|
||
 |
|
 |
|
||
