Comments on: Facebook’s lax security http://cubist.cs.washington.edu/Security/2009/03/08/facebooks-lax-security/ Mon, 25 May 2009 11:35:08 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Father_Of_1000000 http://cubist.cs.washington.edu/Security/2009/03/08/facebooks-lax-security/comment-page-1/#comment-8072 Father_Of_1000000 Thu, 12 Mar 2009 00:13:55 +0000 http://cubist.cs.washington.edu/Security/?p=1050#comment-8072 The problem with facebook apps is there are too many applications for facebook to monitor and test. One way to reduce the problem is to not have anyone being able to write apps for facebook. Only give "privileged" users the option to do so. That can be in the form of having the user submit their real identity. In that way, attackers can be easily traced to their real identity. Another idea is to have a large user community to monitor each other's applications. So for an app to go public, we need at least x number of users in the community approve it after using it and testing it. The problem with facebook apps is there are too many applications for facebook to monitor and test. One way to reduce the problem is to not have anyone being able to write apps for facebook. Only give “privileged” users the option to do so. That can be in the form of having the user submit their real identity. In that way, attackers can be easily traced to their real identity.

Another idea is to have a large user community to monitor each other’s applications. So for an app to go public, we need at least x number of users in the community approve it after using it and testing it.

]]>