RSS

Monthly Archives: May 2011

Facebook Exposes Us Again – Change Your Facebook Password, now.


If you haven’t changed your Facebook password since May 10, 2011 (3 weeks ago from this writing), you should take the time to change it now. It’s been a scary few weeks with the Sony PlayStation Network hack, and all the recent security breaches. As many of you know there have also recently been a growing number of incidents of Facebook viruses and worms. I’ve personally received a number of false posts, from my Facebook friends, over the last few months that were not actually posted by my friends. How many of you got the Facebook worm with the fake link to the Osama Bin Laden photos?

The good news is that Facebook has been very responsible in taking action to correct these issues. Chief among them is that they have recently announced a change in their security authentication system to the new OAuth authentication standards.

So why should you change your Facebook password? Here’s why: According to Symantec, a leading anti-virus, security, and privacy protection company: Prior to implementing these new authorization measures, third party vendors of Facebook “have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.” No one knows if this security breach has been fully exploited yet, but the important thing is that it can be completely thwarted by simply changing our Facebook password.

The Symantec blog, explains in detail how the security flaw could be exploited and how it works. On his Security Now podcast, Steve Gibson, talks about this issue and the potential for hackers to farm third party advertising sites for the security tokens found in the Facebook security flaw. These security tokens are stored in logs on every internet server that has shown you an advertisement or a photo or a game while you’ve been on the Facebook site. If hackers were to acquire these Facebook security tokens, they could access your Facebook information as if you had given them authorization to do so.

To avoid this from happing, all you have to do is to change your Facebook password. Changing your Facebook password effectively renders all previous security tokens invalid.

What Facebook has done to make us safe:

  1. Facebook has begun implementing a new authentication process and technology using the OAuth 2.0 standard. Full implementation of the new OAuth security will be complete by October 1, 2011.
  2. Facebook has also instructed third party developers how to “Keep Users Safe” on their May 13, 2011 Developer Blog.
  3. As of 5/10/2011, Facebook has removed the application programming interface (API) so people will not be able to exploit this security flaw going forward.
    1. Note: the issue is that these security tokens have been available and have been recorded for years, on servers all over the Internet. All someone would need to do, if you haven’t changed your password, is to find an old token on some server log and use it to access your account. There are bound to be lots of places hackers could compromise to get at these old logs and Facebook security tokens.

So do yourself a favor and change your Facebook password today.

 
Leave a comment

Posted by on May 30, 2011 in Privacy and Security

 

Windows Phone Developer Tools for Mango (via Windows Phone Secrets)


Paul Thurrott provides the links to the new Windows Phone Mango Developer Tools.

The Windows Phone Developer web site highlights the initial public release of the Windows Phone Developer Tools for Mango. Microsoft today announces the immediate availability of our Windows Phone Developer Tools for Mango. Go get these tools now, and you can immediately start building cool apps and games that take advantage of all of the new functionality we announced and discussed in depth at the MIX11 conference in Las Vegas in April. We liste … Read More

via Windows Phone Secrets

 
Leave a comment

Posted by on May 24, 2011 in Uncategorized

 

Microsoft Fuzzy Lookup Add-in for Excel 2010 Walkthrough (via Dan English’s BI Blog)


Dan English walks you through installing the new Fuzzy Lookup Add-In for Excel 2010.

Microsoft Fuzzy Lookup Add-in for Excel 2010 Walkthrough I was just out exploring the Microsoft Downloads area this morning to see if there was anything new to check out.  And what do you know, I came across a technology preview developed by Microsoft Research of a new Add-in for Excel 2010 – Fuzzy Lookup Add-In for Excel.  The Add-in provides users to be able to compare two sets of data to do some cleansing and to get at a single representation text value.  The reason that this is neede … Read More

via Dan English's BI Blog

 
Leave a comment

Posted by on May 15, 2011 in Uncategorized

 
 
InterNuntius

a blog by Bryant Avey

Bamboo Innovator

R.E.S.-ilience in Value Creation 《竹经:经商经世离不得立根创新》

On Purpose Magazine

Inspiring, Educational, Enlightening and Entertaining Content of Value

Wordament

The real-time, continuous word tournament!

Ricky's Bing Maps Blog

A blog focused on developing applications with Bing Maps

a blog by Bryant Avey

JJ's Blog

Microsoft Business Intelligence and SharePoint in Action

SQL Server Rider

Database, SSIS, SSAS, SSRS, PowerPivot, Spatial

Nishant Rana's Weblog

Everything related to Microsoft .NET technology

Jimblog

SharePoint, ProjectServer and Microsoft Platform

Connection Agent

What do you need? Ask Steve!

Choiceology Blog

Just another WordPress.com weblog

Tales from the IT Side

Understanding SharePoint and how it interacts with your organization

Reckless Abandon

...with all your heart, soul, mind, and strength

FoodPress

Serving up the hottest dishes on WordPress.com.

Fortune Tech: Technology blogs, news and analysis from Fortune Magazine

Fortune's tech team offers analysis and perspective on the world's most important developments.

Follow

Get every new post delivered to your Inbox.

Join 1,771 other followers

%d bloggers like this: