
Facebook f8 changes raise five serious security and privacy concerns

Announcement posted by BitDefender 29 Sep 2011

BitDefender outlines potential interactive scams and Twitter-like vulnerabilities

SYDNEY & AUCKLAND September 29, 2011 – Facebook’s planned changes from this year’s f8 Developer Conference may risk flooding the site with Twitter-style spambots and an increase in targeted attacks on its users, according to BitDefender, an award-winning provider of innovative internet security solutions.

After updating Privacy Controls and silently pushing Smart Lists, the f8 Developer Conference pushed usability and privacy to a new level: Subscribers, News Ticker and Wall facelifts, as well as the star of the conference, Timeline and the new Open Graph. While these new features will drive more interaction and sharing between Facebook users, BitDefender believes that the number of privacy and security breach incidents will also increase as a result.

Catalin Cosoi, head of BitDefender’s online threats lab, shares five key concerns:

  1. Smart Lists will prompt users to share more information publicly, but will also have the adverse effect of supplying ammunition for targeted attacks.

    Smart Lists encourages people to complete their profile with details of their career, work projects, where they went to school or which city they live in. Every time someone creates a list with colleagues from a specific job, this is tagged in their profile. Of course, this is generally not confidential information, and the user has the final decision on whether to approve or reject the tag. But having this information public and indexable will make it much easier to create sophisticated, targeted attacks. Attackers will be able to find out exactly who is working for a specific company at any given time, their job and, more importantly, what project(s) they are working on. The additional information available to a hacker may lead to an increase in socially engineered attacks on businesses, where hackers attempt to gain access to a company’s network or confidential information by targeting its employees as the point of entry.

  2. Subscribe feature could increase the number of spambots, just like on Twitter.

    The recently introduced subscribe feature lets Facebook users follow people of interest, much like Twitter. It also allows your updates to be followed by others, even if they are not friends with you on Facebook. But with the introduction of Twitter-like features, BitDefender believes that Facebook users may see an increase in the number of Twitter-like threats and annoyances, too. These include spambots and fake schemes that try to lure users in with promises of obtaining more subscribers to their profile page.
  3. Everything you have ever shared on Facebook is now available and easy to browse.

    Facebook’s new Timeline is a revolution of usability, but it's also the open story of your life to date on the social network. If the default settings are not changed to restrict who can see your wall, the content will, by default, be available for anyone to see: friends, photos, places you have checked in, relationships and much more. It’s important for Facebook users to be aware of this privacy setting when using Timeline, and adjust it accordingly in order to protect their profile information.
  4. Health is now social... and public.

    The Facebook timeline considers health information social. While it will be easy to share health-related updates such as breaking a bone, undergoing surgery or overcoming an illness, this information is also set to public by default. While seemingly innocuous, information about health that is shared publicly may risk being exploited for identity theft or social engineering attacks.
  5. Widgets… the open door to interactive scams.

    With Timeline, Facebook also introduced widgets that live on users’ profile pages, which takes social interaction to a whole new level. Until now, anyone who had an application installed could only interact with other users within the app. Now, the app is on the user’s wall, so anyone who interacts with the user profile can also interact with the app. This isn’t a concern for legitimate apps, but the ease with which they can be accessed may lead to fake or scam apps spreading quickly through the social network.

“With the new Facebook features and changes, users need to be more vigilant than ever before when it comes to knowing what personal information they are sharing and with whom,” Catalin Cosoi said. “The main concern is that users are opted-in by default to share updates, which increases the risk of accidentally sharing a page, an event or an activity that they did not intend for others to see. As such, we recommend that Facebook users conduct a careful audit of the personal information they are sharing, once these new changes take effect.”

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

###

For further information please contact

Anna Barnes
Howorth Communications
02 8281 3802

Anna@Howorth.com.au

About Bitdefender

Bitdefender is the creator of one of the world's fastest and most effective lines of internationally certified internet security software. Since 2001, the company has been an industry pioneer, introducing and developing award-winning protection. Today, Bitdefender technology secures the digital experience of 400 million home and corporate users across the globe.


Recently, the company has won a range of key independent recommendations in the US, UK and across Europe, including ConsumerSearch, Which?, Stiftung Warentest and Taenk. Bitdefender antivirus technology has also finished top in leading industry tests from both AV Test and AV-Comparatives. More information about Bitdefender and its products is available from the company's security solutions press room. Additionally, Bitdefender publishes Malware City providing the latest updates on security threats and helping users stay informed in the everyday battle against malware.