There have been quite a few security concerns with Facebook, especially with the amount of personal information it collects on its users.
Of course there is Koobface and its many variants which have been propagating all kinds of spam through Facebook wall posts and messages.
I’m glad someone is offering a solution for free. Yes, they benefit from it too by being able to gather data on Facebook activity and the quantity of malicious posts occurring on Facebook.
Security vendor Websense is offering Facebook users and businesses a new free ‘firewall’ service that monitors their pages for malicious posts, links and spam.
Defensio 2.0 checks all posts to Facebook in real time against Websense’s ThreatSeeker Network, a database of problem URLs, before deciding whether to categorise a post as malicious or unwanted. This also draws from data gathered by US ISP Radialpoint and URL shortening service bit.ly before performing further heuristic analysis as a final check.
If a bad post is detected, the system logs and informs the user who makes the final decision. As with the original Defensio system – acquired a year ago when Websense bought the company of the same name – it can also monitor web pages for rogue posting, pre-emptively blocking those it deems unwanted.
“We are seeing real threats to Facebook such as Koobface,” said Websense senior research manager, Carl Leonard.
It seems to work on a ‘moderation’ model so if the software detects any suspicious automated messages/links or other dodgy activity it will block the post/message and allow the user to approve/deny the request.
But then it’s only going to be effective if take-up is good amongst the non-tech savvy users where the problems tend to be a lot more common.
Sadly this seems highly unlikely as only people who read sites like this will know about it, unless it gets heavily promoted on Facebook... but then you have to contend with ad-blindness problems.
According to Leonard, an advantage of Web 2.0 monitoring was that it gave security companies a way of following criminals inside the otherwise closed world of social media, something that many security vendors can’t yet do. “We can have visibility into threats on these social networks, and have a fantastic feed of information that can benefit all our customers,” he said.
Leonard was not able to say when or if the monitoring might be available for other social media sites or feeds such as Twitter, where rogue behaviour can be difficult to spot.
The service is free for anyone with fewer than 50,000 posts per month, and for companies with 15 employees or less. For professional sites or sites with larger volumes of posts, the service starts at $5 (£3) per month, per site.
It’s free for most people, I’d imagine very few companies are making 1500 posts per day! Even if you need to pay it’s pretty cheap.
I hope to see more initiatives from companies like this, and ideally someone working with Facebook themselves to increase pro-active security measures on the site.
Obviously that’s not their first priority and with the recent brouhaha about their new privacy terms and default settings... you should be concerned about what information of yours they intend to utilise.
Source: Network World