Robert Dorrian » malware http://blog.ten-24.co.uk Computers, Coffee and Pedantry Sun, 07 Aug 2011 13:41:15 +0000 en hourly 1 http://wordpress.org/?v=3.3 Facebook Application Safety http://blog.ten-24.co.uk/2009/03/02/facebook-app-safety/ http://blog.ten-24.co.uk/2009/03/02/facebook-app-safety/#comments Mon, 02 Mar 2009 21:20:35 +0000 rob http://blog.ten-24.co.uk/?p=30 There’s been a recent outbreak of Facebook applications that spread by taking advantage of the notification system. The Gaurdian quote Mark Zuckerburg‘s interview with the BBC, and he seems to think “an open system anyone can participate in is generally better”; does he not realise that most users are prone to social engineering attacks and the mentality of “guilty until proven innocent” is no-where near enough to protect the main populace?

As for the technically minded, we get to see all of these spam messages from the rouge applications whenever one of our friends add them.

A simple solution as I see it, is not to enforce full vetting of all applications, but to simply change the notification system so that it becomes blatantly obvious when messages are not genuinely from a friend initiated action, but from some application attempting to masquerade. I do support stricter control over applications, but perhaps an interim measure would be to modify the notification display.

The notification system allows too much flexibility over the format of the messages sent out, for those interested, this is what the Error Check System and Closing Down notifications look like.

Error Check System Notifications Closing Down Notification

]]> http://blog.ten-24.co.uk/2009/03/02/facebook-app-safety/feed/ 3