Sunday, May 30, 2010

Stay safe on Facebook


Blog moved. I have a new home now at www.rakeshmukundan.in Do update your bookmarks :)
There has been so many talks about FB privacy recently, so I thought of putting my thoughts and tricks found on the net to stay as safe as possible on FB while connecting with the friends,[ the safest thing will be not to have an account and you can live without any fear of leaking your personal data ;) But since now FB has become part of our life for the most that is not entirely possible ]

Still not convinced the need to lock down your account!!! visit http://youropenbook.org/. Its a website that lets people search through the content posted by other people, who didn't bother to keep their updates private!!. A quick look at the recent searches will give you a glimpse of real danger!!.

So hope that site will make you understand the need for privacy [:P]. But unfortunately the privacy settings in FB are not that simple, even if you master it today it will definitely changed in few days!!. To add to the complexity, FB follows the "opt-out" policy than the "opt-in",which will make the profile public by default and gives you an option to opt-out!!.It should have been the other way around!.

Anyways, there are few apps/sites that will let you check the privacy level of your FB profile.
Privacy Check App

This is a FB application that will let you rate your profile privacy out of 21.It seems its impossible to hit a score of 21.I have found that a score of 15 will ensure you a profile with enough privacy. Mine was 14 before I changed the settings.
As a foot note, you can in-fact lock down your account to 100%, but then there won't be any point in having such an account. So have look at your score and decide on your self what to expose and what not to.
Another good tool is Reclaim Privacy but it was not working at the time of writing of this blog, hopefully soon it will be back in action.

What made FB so popular is the huge collection of apps it had.Which has now become the most serious threat to the users, because of the fact that once you let an application access  your profile,by default it will have access to all your personal information until you manually revoke it!!!. So far I haven't found any easy way to say which all applications are harmful and which are not!!. The best thing to do now if you are serious about privacy is go to Application Settings by clicking the Account tab on your top right side and remove all applications that you are not using now.You may have to check this list often to make sure that  no apps have sneaked in.

Wednesday, May 5, 2010

Facebook SCAMS


Blog moved. I have a new home now at www.rakeshmukundan.in Do update your bookmarks :)
As Facebook is growing in popularity,its increasingly becoming the target for various kinds of malicious attacks.I have spotted one such scam couple of days back, which will trick people into copy pasting javascript code into their browser's address bar.The code in the scam which I spotted did nothing but to invite all FB friends to view this particular scam page by sending out suggestions.Though it seems a harmless( irritating though) trick, one could some malicious intend ( say fetching the contacts personal details or session cookie) to it.
It started with the suggestion I received from a friend that I should become the fan of the page "WORST STATUS UPDATE ON THIS PLANET".Clicking this particular invitation will bring you into a page like this.

According to this page it is a two step process(!!) to reveal the WORST STATUS UPDATE EVER, first of which is to click the [LIKE] button.  

One you click the button, it will redirect you to another page, which will ask you to copy paste the given code into the browser's address bar and wait for the content to load.
While you wait, the code running in the background will send out suggestions to your FB friends, to become the fan of this page( which explains the suggestion I got).This page is no longer accessible now(thankfully), it might have taken down by the FB.

Googling parts of the javascript code showed that its a readily available piece of code to invite all your friends.Which shows this is not the only attempt made.( google revealed same tricks were used by scammers for long time, but still 2000+ people fell for this!!!).Its really disturbing to see that people blindly believe everything they see in the social networking sites( esp if it's supported/suggested by a friend). We really need to realize that not everything  we see needs to be true. So the best practice from my point of view is to think before you do something online.
Always remember, "NEVER COPY PASTE ANYTHING INTO THE ADDRESS BAR, NO MATTER WHAT IT CLAIMS TO DO"