Facebook’s lax security
Facebook’s policy on applications have a some people concerened and wondering if application writing should be more restricted.
The latest attacks have involved privacy leaks, and the installation of malware. Over the last week, five seperate security issues have come up. One virus is a variation of “Koobface” which claims that the user must download a plugin to view a video.
Applications on facebook are not vetted, anybody is allowed to write an app and offer it to other people. Viral apps would often hide functionality in innocently looking buttons to spread themselves further or give away private information. Despite Facebook’s efforts to disable applications, the current policy allows it to pop up elsewhere.
Some people have clamored for the application hosting policy to be reviewed. Facebook believes its too early for these conclusions, and that changing the policy would be too drastic of a move.
(Source: nzherald)
(Source: cnet)
Comment by Father_Of_1000000
March 11, 2009 @ 4:13 pm
The problem with facebook apps is there are too many applications for facebook to monitor and test. One way to reduce the problem is to not have anyone being able to write apps for facebook. Only give “privileged” users the option to do so. That can be in the form of having the user submit their real identity. In that way, attackers can be easily traced to their real identity.
Another idea is to have a large user community to monitor each other’s applications. So for an app to go public, we need at least x number of users in the community approve it after using it and testing it.