If you haven’t changed your Facebook password since May 10, 2011 (three weeks ago as of this writing), you should take the time to change it now. It’s been a scary few weeks with the Sony PlayStation Network hack and all the recent security breaches. As many of you know, there has also been a growing number of Facebook viruses and worms recently. I’ve personally received a number of false posts from my Facebook friends over the last few months that were not actually posted by my friends. How many of you got the Facebook worm with the fake link to the Osama Bin Laden photos?
The good news is that Facebook has been very responsible in taking action to correct these issues. Chief among them is that they have recently announced a change in their security authentication system to the new OAuth authentication standards.
So why should you change your Facebook password? Here’s why. According to Symantec, a leading anti-virus, security, and privacy protection company, prior to implementing these new authorization measures, third party vendors of Facebook “have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.” No one knows if this security breach has been fully exploited yet, but the important thing is that it can be completely thwarted by simply changing your Facebook password.
The Symantec blog explains in detail how the security flaw works and how it could be exploited. On his Security Now podcast, Steve Gibson talks about this issue and the potential for hackers to farm third party advertising sites for the security tokens exposed by the Facebook security flaw. These security tokens are stored in the logs of every internet server that has shown you an advertisement, a photo, or a game while you’ve been on the Facebook site. If hackers were to acquire these Facebook security tokens, they could access your Facebook information as if you had given them authorization to do so.
To keep this from happening, all you have to do is change your Facebook password. Changing your Facebook password renders all previously issued security tokens invalid.
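The leak described above happens on the third party's side: when a browser fetches an ad, image, or game asset, the URL of the page it came from (including any token in its query string) is sent as the Referer header and written into that server's access log. Here is an added example, not from the original post or from Symantec or Facebook, of what a site operator can do about it: scan combined-format access logs for token-bearing parameters in the request line or Referer and redact them before the logs are retained. The log lines are constructed for the example; the parameter names other than `access_token` are assumed names an operator might want to watch, not names the page documents.

```python
import re
from typing import Iterator, NamedTuple

# Apache/nginx "combined" access log line:
# client ident user [time] "request" status size "referer" "user-agent"
COMBINED_LOG = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Query-string parameters that carry bearer credentials. "access_token" is the
# OAuth parameter name; the other two are assumed examples of names an operator
# might also choose to watch (not taken from the page).
SENSITIVE_PARAMS = ("access_token", "oauth_token", "session_key")
PARAM_RE = re.compile(
    r"(?P<name>" + "|".join(SENSITIVE_PARAMS) + r')=(?P<value>[^&\s"]+)'
)


class Leak(NamedTuple):
    line_no: int
    field: str   # "request" (token in our own URL) or "referer" (token from the embedding page)
    param: str
    value: str


def find_leaked_tokens(lines: list[str]) -> Iterator[Leak]:
    """Yield one Leak per token-bearing parameter found in the request line or Referer."""
    for n, line in enumerate(lines, start=1):
        m = COMBINED_LOG.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for field in ("request", "referer"):
            for pm in PARAM_RE.finditer(m.group(field)):
                yield Leak(n, field, pm.group("name"), pm.group("value"))


def redact_tokens(line: str) -> str:
    """Replace token values so the log can be kept without storing live credentials."""
    return PARAM_RE.sub(lambda pm: f"{pm.group('name')}=[REDACTED]", line)


# Constructed sample log of a server that hosts ad banners and photos.
SAMPLE_LOG = [
    # Banner fetched from inside an app page whose URL carried the token (leak via Referer).
    '203.0.113.5 - - [10/May/2011:14:02:11 +0000] "GET /banner.gif HTTP/1.1" 200 512 '
    '"http://apps.example.invalid/game/?access_token=AAAB12345abcde&expires=0" "Mozilla/5.0"',
    # Ordinary request, no credential anywhere.
    '203.0.113.9 - - [10/May/2011:14:02:12 +0000] "GET /index.html HTTP/1.1" 200 2048 '
    '"http://www.example.invalid/" "Mozilla/5.0"',
    # Token passed directly in our own request line.
    '198.51.100.7 - - [10/May/2011:14:03:00 +0000] "GET /photo.jpg?oauth_token=XYZ789 HTTP/1.1" 200 9000 '
    '"-" "Mozilla/5.0"',
]


def main() -> None:
    for leak in find_leaked_tokens(SAMPLE_LOG):
        # Print only a prefix so the report itself does not become a second copy of the token.
        print(f"line {leak.line_no}: {leak.param} leaked via {leak.field} (value {leak.value[:4]}...)")
    print("--- redacted log ---")
    for line in SAMPLE_LOG:
        print(redact_tokens(line))


if __name__ == "__main__":
    main()
```

Running the scanner over an archive of old logs tells an operator how much of this material they are holding; running the redaction in the log pipeline keeps new tokens from being written at all. Neither step replaces the user-side fix the post recommends, since every other server that saw the token still has its copy.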
What Facebook has done to make us safe:
- Facebook has begun implementing a new authentication process and technology using the OAuth 2.0 standard. Full implementation of the new OAuth security will be complete by October 1, 2011.
- Facebook has also instructed third party developers how to “Keep Users Safe” on their May 13, 2011 Developer Blog.
- As of 5/10/2011, Facebook has removed the application programming interface (API) so people will not be able to exploit this security flaw going forward.
- Note: the issue is that these security tokens have been available and have been recorded for years, on servers all over the Internet. All someone would need to do, if you haven’t changed your password, is to find an old token on some server log and use it to access your account. There are bound to be lots of places hackers could compromise to get at these old logs and Facebook security tokens.
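The reason a password change helps with tokens that were logged years ago is that the token only works while the account's credentials are the ones it was issued under. The following is an added example, not Facebook's code and not from the original post, of one way a service can implement that rule: each account carries a credential generation counter, every issued token is bound to the generation current at issue time, and a password change bumps the counter so every earlier token fails validation. The `TokenService` class, the token format, and the sample user are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    user_id: str
    password_hash: bytes
    salt: bytes
    credential_generation: int = 0  # incremented on every password change


class TokenService:
    """Toy token issuer (assumed design, not Facebook's): tokens are
    '<user>:<generation>:<hmac>' and are valid only while the account is
    still on the generation they were minted under."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.secret = secrets.token_bytes(32)  # HMAC key for token signatures (constructed)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _check_password(self, acct: Account, password: str) -> None:
        if not hmac.compare_digest(self._hash(password, acct.salt), acct.password_hash):
            raise PermissionError("bad password")

    def create_account(self, user_id: str, password: str) -> Account:
        salt = os.urandom(16)
        acct = Account(user_id, self._hash(password, salt), salt)
        self.accounts[user_id] = acct
        return acct

    def issue_token(self, user_id: str, password: str) -> str:
        acct = self.accounts[user_id]
        self._check_password(acct, password)
        payload = f"{user_id}:{acct.credential_generation}".encode()
        sig = hmac.new(self.secret, payload, hashlib.sha256).hexdigest()
        return payload.decode() + ":" + sig

    def validate_token(self, token: str) -> bool:
        try:
            user_id, gen, sig = token.split(":")
        except ValueError:
            return False  # malformed token
        if not gen.isdigit():
            return False
        payload = f"{user_id}:{gen}".encode()
        expected = hmac.new(self.secret, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # forged or tampered
        acct = self.accounts.get(user_id)
        # The generation check is what makes a password change revoke old tokens.
        return acct is not None and int(gen) == acct.credential_generation

    def change_password(self, user_id: str, old_password: str, new_password: str) -> None:
        acct = self.accounts[user_id]
        self._check_password(acct, old_password)
        acct.salt = os.urandom(16)
        acct.password_hash = self._hash(new_password, acct.salt)
        acct.credential_generation += 1  # every previously issued token now fails validation


def demo() -> tuple[bool, bool, bool]:
    """Returns (old token valid before change, old token valid after change, fresh token valid)."""
    svc = TokenService()
    svc.create_account("alice", "old-password")
    leaked = svc.issue_token("alice", "old-password")  # imagine this copy sits in a third party's log
    before = svc.validate_token(leaked)
    svc.change_password("alice", "old-password", "new-password")
    after = svc.validate_token(leaked)
    fresh = svc.validate_token(svc.issue_token("alice", "new-password"))
    return before, after, fresh


if __name__ == "__main__":
    print(demo())  # expected: (True, False, True)
```

The HMAC keeps an attacker from simply editing the generation number in a logged token to match the new one; the generation counter is what turns a password change into a revocation of everything issued before it. A real service would also put an expiry in the token and keep the counter in persistent storage, but the revocation logic is the same.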
So do yourself a favor and change your Facebook password today.

@BryantAvey