Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

5/14/2010
11:00 AM
50%
50%

Facebook Adds Two Privacy Tools

Both tools have to do with stopping unknown devices from logging in to a user's Facebook account.

Following Thursday's quickly convened meeting to discuss user privacy concerns, Facebook has unveiled two tools designed to help protect account-holders from scammers and alert users to suspicious activity.

With one tool, users can elect to approve the devices they typically use to log-in and receive e-mail or text notifications. This feature would serve as an alert if another, unselected device is used to access the account.

"For example, you can save your home computer, your school or work computer, and your mobile phone. Once you've done this, whenever someone logs in to your account from a device not on this list, we'll ask the person to name the device," wrote Lev Popov, a software engineer on Facebook's site integrity team, in a company blog.

The opt-in feature is available under the Account Settings page. Users may click the link next to "Account Security," and select the option to receive notifications for log-ins from new devices. The first time users access their Facebook accounts, they must name and save the devices they use to log onto Facebook.

To block suspicious log-ins, if the Facebook system determines if someone is trying to access an account from an unknown device and asks the individual to answer a verification question to prove their identity. Identifiers could include date of birth, identifying a friend in a photograph or answering a previously-provided security question, Popov wrote.

"These questions are designed to be easy for you, and hard for a bad guy, and we've already seen some great results," he said. "Once you've confirmed your identity, you'll have the opportunity to review recent logins on your account and reset your password if you see logins that you don't recognize."

These tools -- which Popov said have been under development for several weeks -- do not, however, address Facebook's policies towards user information and privacy. The European Union's Article 29 Working Party, part of the EU's Justice and Home Affairs' Data Protection division, added its voice to those cautioning Facebook about its approach to user privacy.

Earlier this week, the division wrote to Facebook, stating its dissatisfaction with the site's changes to its privacy settings.

"It is unacceptable that the company fundamentally changed the default settings on its social-networking platform to the detriment of a user," said a statement from the Working Party. "Facebook made the change only days after the company and other social networking sites providers participated at a hearing during the Article 29 Working Party’s plenary meeting in November 2009."

In the U.S., four Senate Democrats have asked the Federal Trade Commission to develop guidelines governing the way social networking sites can use information submitted by users. Privacy groups the Federal Trade Commission and Congress that the social network is violating consumer protection laws.

Facebook hired this month former U.S. Federal Trade Commission chairman Timothy Muris to help defend the popular Web site's privacy practices in Washington, D.C.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...
CVE-2019-18889
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.