McAfee Will Offer Free Six-Month Subscriptions to Facebook Users - McAfee becomes Facebook's main security service provider - Softpedia:
"Facebook and McAfee announced on January 13, 2009 a partnership through which over 350 million Facebook users will benefit at no cost of a free six-month subscription to McAfee's Internet Security Suite security software. After this six-month period, Facebook users will have the possibility to extend their license at a special discount price.
Besides the free software, Facebook users will benefit from a whole range of new tools built to enhance their and Facebook's security at the same time providing a safer and virus-free environment on the social networking platform.
Users who had their account infected or compromised now have the possibility to employ a new and innovative tool developed by Facebook and McAfee, which will help them re-secure their account. Custom McAfee technology will scan and clean the user's computer before allowing them to log on Facebook again. This tool incorporates McAfee technology and will be provided at no costs for the user.
Facebook has declined to financially capitalize on its users and will provide (alongside McAfee) a series of tutorials and educational materials to help them raise their security knowledge.
McAfee was chosen as the premiere software security provider after Facebook spent serious time on a review process of major security companies. Products like McAfee SiteAdvisor (website rating technology) and McAfee Active Protection (technology for almost instantly blocking known and unknown online threats) have been critical in the reviewing process.
It is unsure whether these products will be included in Facebook's new security measures aimed at detecting and blocking suspicious activities in real-time.
Regarding this topic, Jake Brill, Facebook representative and Project Manager in Facebook's Integrity Team, had this to say, “We invest in dedicated teams and advanced technical systems that detect and block suspicious behavior. When we find a message with a link to a fake login page or other malicious website, we prevent it from being sent and delete all instances of it from the site.” He added that “We also work with third parties to get malicious sites added to browser blacklists or removed completely.”
Users can learn more on this offer by visiting McAfee's Facebook page and clicking on the “Protect Your PC” tab.
Facebook has set up a Security Page for updates and tutorials on issues and topics concerning the site's security."
Showing posts with label fb. Show all posts
Showing posts with label fb. Show all posts
Monday, January 18, 2010
Wednesday, December 23, 2009
Unhide Friend in FaceBook
In FaceBook
Click on that and it should pop up any hidden friends, ask if you want to add them back to your news feed.
Just hit yes and you should be able to view the feeds from the friends too.
Monday, November 9, 2009
Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia
Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia: "A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.
The discovery was made while 24-years-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,” he notes on his blog.
As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, if it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.
While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebooks, the similar file on connect.facebook.com contained an <allow-access-from domain=”*” /> directive. This meant that any Flash application, hosted on any domain, was allowed to access data on the connect.facebook.com sub-domain.
“This wouldn't be a big deal if the subdomain only hosts images, but unfortunately this domain hosts the whole Facebook property, including a facebook user session,” Mr. Schaap notes. The web developer goes on to point out that if a user has auto-login enabled and is served with the URL to a specially-crafted flash file, an attacker could obtain full control of their account.
MySpace also suffered from a similar crossdomain.xml misconfiguration, though not as obvious as in Facebook's case. In particular, the crossdomain.xml on myspace.com granted access to a farm.sproutbuilder.com sub-domain. Sprout Builder is a web application building platform, which amongst other types of media, allows its clients to upload and incorporate .swf (Flash) files into their projects. As it turns out, these files are hosted on farm.sproutbuilder.com, thus opening the opportunity to create MySpace self-propagating social networking worm.
Yvo Schaap contacted both companies in advance of making this public and they moved swiftly to address the security problems. However, if two of the biggest social networking platforms left such gaping security holes opened, it is reasonable to assume that many smaller websites also have them."
Source: http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml
The discovery was made while 24-years-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. “I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application,” he notes on his blog.
As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, if it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.
While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebooks, the similar file on connect.facebook.com contained an <allow-access-from domain=”*” /> directive. This meant that any Flash application, hosted on any domain, was allowed to access data on the connect.facebook.com sub-domain.
“This wouldn't be a big deal if the subdomain only hosts images, but unfortunately this domain hosts the whole Facebook property, including a facebook user session,” Mr. Schaap notes. The web developer goes on to point out that if a user has auto-login enabled and is served with the URL to a specially-crafted flash file, an attacker could obtain full control of their account.
MySpace also suffered from a similar crossdomain.xml misconfiguration, though not as obvious as in Facebook's case. In particular, the crossdomain.xml on myspace.com granted access to a farm.sproutbuilder.com sub-domain. Sprout Builder is a web application building platform, which amongst other types of media, allows its clients to upload and incorporate .swf (Flash) files into their projects. As it turns out, these files are hosted on farm.sproutbuilder.com, thus opening the opportunity to create MySpace self-propagating social networking worm.
Yvo Schaap contacted both companies in advance of making this public and they moved swiftly to address the security problems. However, if two of the biggest social networking platforms left such gaping security holes opened, it is reasonable to assume that many smaller websites also have them."
Source: http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml
Subscribe to:
Posts (Atom)