Security watchers have already begun fretting about the security implications of Facebook's new messaging system, warning that compromised accounts might be used to create potent Web 2.0 botnets. The system brings together Facebook messages, instant messaging chat and SMS messages in one location, a development that increases …
That's a very long-winded way of saying:
@facebook.com == @hotmail.com
Anyone automatically trusting a mail from either of those* needs their bumps felt.
I've said it before and I'll say it again. Given that the webmail providers all have very effective inbox spam filters these days, why the f*** don't they run 'em over outbound mail too? A simple fix rendering 'em effectively useless to the spammers. Moody stuff to an "Outbound Spam" box for manual** intervention. For a start, logging in to find your O/B spam box stuffed with crap would be a good hint that you've been pwned!
*Or, for that matter, the vast majority of the webmail services.
**Enforced as manual too.
My solution is simple - avoid Facebook completely. I'll just add *@facebook.com to my email spam list - *@hotmail.com is already there.
Users are more likely to open and trust a message which appears to have been sent by someone they know - one of their Facebook friends
Really? People actually know all of the 836 people they've got as "friends" on Facebook? Or is it more likely that they, like my other half, have accepted random friend-of-friend requests in order to bulk up the number of people in their Farmville list (and unlock more shinies or something)?
Surprisingly, you can get to know those random friend of a friend folks fairly quickly.
That is after all one of the ways we make friends in real life.
I have a Facebook account that links to my real friends and I have a Facebook sock puppet I created specifically for gaming. One of the games let me locate the user profiles of people I was attacking. After I finished beating the snot out of them, and occasionally getting the snot beat out of me, I would offer to friend them to compensate them for the damage I just did (or to avoid inadvertently attacking the people who beat the snot out of me). I'd say 95% of the people to whom I sent the request friended the sock puppet without a second thought. One guy from Israel did run me through the wringer with questions before friending me. At this point I would count 75% of them as acquaintance level friends - people you know and would say hello to at the bus or train stop, chat about the spouse and kids, what they are doing this weekend even if you wouldn't count them as a friend friend if you get what I mean.
But yeah, I am concerned about this new all encompassing interface, even if I don't opt in to it (which assumes it will BE opt in, a huge question in and of itself given Zuckerberg's previous forays into "security"). It might be enough to make me kill the accounts and tell my mother to do the same. I'll wait a bit and see, but it is starting to feel more dangerous. And that's more of a problem for Zuckerberg than Google will ever be, even if he is too stupid to know it.