Monthly Archives: May 2011

Facebook Exposes Us Again – Change Your Facebook Password, now.

If you haven’t changed your Facebook password since May 10, 2011 (3 weeks ago from this writing), you should take the time to change it now. It’s been a scary few weeks with the Sony PlayStation Network hack, and all the recent security breaches. As many of you know there have also recently been a growing number of incidents of Facebook viruses and worms. I’ve personally received a number of false posts, from my Facebook friends, over the last few months that were not actually posted by my friends. How many of you got the Facebook worm with the fake link to the Osama Bin Laden photos?

The good news is that Facebook has been very responsible in taking action to correct these issues. Chief among them is that they have recently announced a change in their security authentication system to the new OAuth authentication standards.

So why should you change your Facebook password? Here’s why: According to Symantec, a leading anti-virus, security, and privacy protection company: Prior to implementing these new authorization measures, third party vendors of Facebook “have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.” No one knows if this security breach has been fully exploited yet, but the important thing is that it can be completely thwarted by simply changing our Facebook password.

The Symantec blog, explains in detail how the security flaw could be exploited and how it works. On his Security Now podcast, Steve Gibson, talks about this issue and the potential for hackers to farm third party advertising sites for the security tokens found in the Facebook security flaw. These security tokens are stored in logs on every internet server that has shown you an advertisement or a photo or a game while you’ve been on the Facebook site. If hackers were to acquire these Facebook security tokens, they could access your Facebook information as if you had given them authorization to do so.

To avoid this from happing, all you have to do is to change your Facebook password. Changing your Facebook password effectively renders all previous security tokens invalid.

What Facebook has done to make us safe:

  1. Facebook has begun implementing a new authentication process and technology using the OAuth 2.0 standard. Full implementation of the new OAuth security will be complete by October 1, 2011.
  2. Facebook has also instructed third party developers how to “Keep Users Safe” on their May 13, 2011 Developer Blog.
  3. As of 5/10/2011, Facebook has removed the application programming interface (API) so people will not be able to exploit this security flaw going forward.
    1. Note: the issue is that these security tokens have been available and have been recorded for years, on servers all over the Internet. All someone would need to do, if you haven’t changed your password, is to find an old token on some server log and use it to access your account. There are bound to be lots of places hackers could compromise to get at these old logs and Facebook security tokens.

So do yourself a favor and change your Facebook password today.

Leave a comment

Posted by on May 30, 2011 in Privacy and Security


Windows Phone Developer Tools for Mango (via Windows Phone Secrets)

Paul Thurrott provides the links to the new Windows Phone Mango Developer Tools.

The Windows Phone Developer web site highlights the initial public release of the Windows Phone Developer Tools for Mango. Microsoft today announces the immediate availability of our Windows Phone Developer Tools for Mango. Go get these tools now, and you can immediately start building cool apps and games that take advantage of all of the new functionality we announced and discussed in depth at the MIX11 conference in Las Vegas in April. We liste … Read More

via Windows Phone Secrets

Leave a comment

Posted by on May 24, 2011 in Uncategorized


Microsoft Fuzzy Lookup Add-in for Excel 2010 Walkthrough (via Dan English’s BI Blog)

Dan English walks you through installing the new Fuzzy Lookup Add-In for Excel 2010.

Microsoft Fuzzy Lookup Add-in for Excel 2010 Walkthrough I was just out exploring the Microsoft Downloads area this morning to see if there was anything new to check out.  And what do you know, I came across a technology preview developed by Microsoft Research of a new Add-in for Excel 2010 – Fuzzy Lookup Add-In for Excel.  The Add-in provides users to be able to compare two sets of data to do some cleansing and to get at a single representation text value.  The reason that this is neede … Read More

via Dan English's BI Blog

Leave a comment

Posted by on May 15, 2011 in Uncategorized


a blog by Bryant Avey

Bamboo Innovator

R.E.S.-ilience in Value Creation 《竹经:经商经世离不得立根创新》

On Purpose Magazine

Inspiring, Educational, Enlightening and Entertaining Content of Value


The real-time, continuous word tournament!

Ricky's Bing Maps Blog

A blog focused on developing applications with Bing Maps

a blog by Bryant Avey

JJ's Blog

Microsoft Business Intelligence and SharePoint in Action

SQL Server Rider

Database, SSIS, SSAS, SSRS, PowerPivot, GIS

Nishant Rana's Weblog

Everything related to Microsoft Technology


SharePoint, ProjectServer and Microsoft Platform

Connection Agent

What do you need? Ask Steve!

Choiceology Blog

Just another weblog

Tales from the IT Side

Understanding SharePoint and how it interacts with your organization

Reckless Abandon

...with all your heart, soul, mind, and strength


Serving up the hottest dishes on

Clayton's SharePoint Madness

All About SharePoint, InfoPath, and SharePoint Designer!

...focusing on the evolution and economics of high technology business and strategy. By day, I am a venture capitalist at Benchmark Capital.


Get every new post delivered to your Inbox.

Join 1,777 other followers

%d bloggers like this: