iTnews

Facebook app changes could lead to security issues

By Dan Raywood on Jan 25, 2010 11:48AM

Email harvesting may attract attacks.

Facebook applications are becoming more promising targets for online attacks after the website launched new platform features that will enable developers to request email addresses from their users.

In an update last week, platform team engineer Arjun Banker said that Facebook Platform had improved communication between developers and users, and it had now delivered "on this commitment by providing a simple way for users to share their email addresses with you via a process designed to reduce friction and empower application".

Banker said: “While we're making the process of requesting email addresses more streamlined, some developers have been communicating with users through this channel for some time. For example, LivingSocial has been sending emails to users of Visual Bookshelf for the past two years, consistently driving ten per cent of traffic to the application.

“They have found emails are most successful when they provide users with dynamically-generated content (such as a listing of books a user has marked as ‘currently reading’ or a feed of all friend activity). More engaging messages generated above-average click-through rates of 5-12 per cent.”

The update will allow application developers to ask users to share their primary Facebook email address so that they can communicate with them directly. Banker said: “We recommend you use email to send them interesting and relevant information, like receipts for purchases they make, messages to help reactivate them if they haven't visited your application or integration in a while, or newsletters promoting new features or contests.”

Banker said that Facebook expects applications and Facebook Connect integrations to adhere to the Facebook Platform policies and provide users with a trustworthy experience.

He also said that developers will also be held to the Federal Trade Commission's CAN-SPAM act, and he encouraged them to become familiar with the guidelines associated with emailing users.

However, security blogger and white hat hacker 'the harmony guy' voiced concerns, saying that over time, it will be likely that popular applications will routinely request email addresses from users, meaning that eventually some applications could have millions of addresses saved.

He said: “One SQL injection hole could potentially compromise all of those email addresses. Also, if the application had a cross-site scripting (XSS) vulnerability, one could easily launch a FAXX attack that requests email addresses from Facebook via FQL.

“This certainly all depends on several factors, one being whether many users embrace sharing their email addresses with applications. My recommendation to users would be against letting applications have your email address; Facebook does provide a proxy system if you really want messages. But I do hope this new feature will bring more attention to issues of security on the Facebook Platform.”

See original article on scmagazineuk.com

Copyright © SC Magazine, US edition
