Security Review: Facebook Applications

By vkirst at 10:26 pm on January 9, 2009 | 6 Comments

In mid-2007, Facebook launched a free development platform that allows independent designers to create applications that integrate with core features of Facebook. Since then, over 33,000 applications have been made, the most popular of the applications having over 16 million monthly active users. Facebook applications are intended to be opt-in modular extensions of Facebook for which users can voluntarily register. Facebook itself is composed of a collection of applications; many of the features people perceive as emblematic of Facebook (e.g. the Wall, Photos, and Events, to name a few) are actually “applications” in this design scheme, and they are provided by Facebook by default when one registers for the website.


Filed under: Security Reviews

Current Event: Beware, Cellphone Attacks Next

By mcam at 6:37 pm on | 5 Comments

[Devy Pranowo and Xia (My) Cam]

A report from the Georgia Tech Security Center predicts that botnets are likely to hit mobile phones sometime soon. Botnets (<http://en.wikipedia.org/wiki/Botnet>) can be delivered to machines through email or instant messages, which are now features many smartphones have. Because of the developing cellphone culture all over the world, what’s on cellphones can be a great treat for attackers.

There are many reasons why this problem might arise. Cellphones are now essential in people’s lives. Smartphones are taking over the market because they can do much more than just make voice calls. These phones can take pictures, send text messages, and send emails. Furthermore, now that cellphones can access the internet, people can download applications to run on their phones and might not be aware if they’re installing malicious software. The more prevalent use of cellphones and the more advanced technology adopted on them mean that more people will be impacted by unwanted malicious attacks.

At least for now, there is no evidence of attacks aiming at cellular phones; however, the loopholes are there. As cellphone technology advances, it’s only a matter of time. For now, since cellphone technology has room for growth, there are opportunities to incorporate better security mechanisms as we develop cellular technologies. Also, it is important to educate users not to open unknown emails or URLs that will allow Trojans, viruses, or worms to infect the user’s cellphone and thus allow attackers to control it. The latter is the best way to prevent social engineering attacks.

Cellphone attacks may also relate to a bigger part of personal data security. As cellphones become important tools for personal and corporate communications, they are another way for attackers to gain private information. For example, attackers can easily obtain social security numbers or credit card numbers.

We think the reason there haven’t been major attacks on cellphones is that there are so many different OSes (Java-based Blackberry OS, Mac OS, Windows Mobile OS, etc.) running on today’s cellphones, making it harder for attackers to create malicious code for them. But it’s better that some prevention be done before bad things happen. For instance, cellphone producers should give warnings to users before they do potentially unsafe actions or download information from the Internet. With the warnings, users will be more aware of the potential dangers of entering information or accessing data via their cellphones.

Article source:
http://www.networkworld.com/news/2008/101608-report-botnet-spam-attacks-to.html

Filed under: Current Events, Physical Security