Facebook | Bach Seat

Tag Archive for Facebook

RB | November 21, 2010

Comments Off

Facebook is Biggest Social Networking Risk

Data from anti-malware vendor Sophos‘ 2010 Security Threat Report (PDF) says Facebook is the leader in privacy risks, spam, and other malicious activity. 60 percent of the respondents to a Sophos survey identified Facebook as the biggest security risk in social networking, followed by MySpace (18%), Twitter (17%), and LinkedIn (4%).

It is not surprising that users regard Facebook as the top risk. Facebook’s over 500 million users, offer criminals a cornucopia of personal data to exploit. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.

Criminals have focused their efforts on social media

Sophos’ research shows that criminals have focused their efforts on social networking users in the last 12 months creating an “explosion” in social networking spam and malware complaints. Sophos found that 57% of social network users were spammed on one of the sites, an increase of 70 percent compared to last year. They also found 36% of social network users reported being sent malware, a 70% increase over last year. “The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Sophos’ Cluley added.

Three things working against Facebook users

There are three things working against Facebook users, themselves, malware, and Facebook. Facebook users typically give away more private information to Facebook than other sites. Though most people’s profiles it is possible to find out their first, last, and maiden names, where they live, where they went to school, and even worse, historical information like where they lived in the past. A lot of this private information is required on many online credit checks, providing a boom for criminals looking to exploit a user’s credit history or steal their identity.

The most common malware used on social networks is Koobface. Koobface can target all the popular social portals, including Facebook, MySpace, Bebo, Friendster, Tagged, and Twitter. According to the report, Koobface is capable of, “... registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends. Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.”

Another threat is Facebook applications. Criminals can create malicious Facebook applications designed to steal information and they can find holes in pre-existing applications and exploit them. Legitimate Facebook apps will give away your information if you allow them to (as I have written about here and here). Once an app has permission it can harvest all the information in a Facebook profile and send it to criminals. Before users grant an application access to all of their information, they should Google the publisher to see if they are legitimate or not. Any application that starts doing anything strange or suspicious should be removed immediately.

Facebook has tried to address these risks by issuing a new privacy policy. However, Sophos’ Cluley called it a step backward, because the new settings are “encouraging many users to share their information with everybody on the internet.” According to Facebook only 35% of their users actually customized their settings leaving 65% who presumably didn’t change their settings and continue to share valuable data, which is then used to propagate spam and malware.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Social Networking | Tags: 2010, Facebook, FB, Identity Theft, KOOBFACE, LinkedIn, LNKD, Malware, MySpace, Social media, Sophos, SPAM, Twitter, TWTR

RB | November 13, 2010

One comment

Terabit Ethernet Developing

Researchers at the University of California, Santa Barbara (UCSB) are working on the next evolution of Ethernet – Terabit Ethernet. UCSB Professor of Electrical and Computer Engineering Dan Blumenthal told LightReading that the goal of the recently created Terabit Optical Ethernet Center (TOEC), is to create Terabit Ethernet (TbE) which runs at 1 trillion bits per second by 2015 and to follow it up with 100Tbit/s Ethernet by 2020.

Professor Blumenthal explained to LightReading that he wants the TOEC and its partners to produce something the industry can use, not a one-time lab experiment that only works with duct tape and glue. “We’re not talking about lab hero experiments,” Blumenthal told LightReading. The real-world focus of TOEC has helped attract partners like Agilent Technologies Inc. (NYSE: A), Google (NASDAQ: GOOG), Intel Corp. (NASDAQ: INTC), Rockwell Collins Inc., and Verizon Communications Inc. (NYSE: VZ) to help with the research. I wrote about Intel’s TBPS efforts back in July.

Terabit Ethernet is hard

TOEC could probably use the help because developing TbE is looking like no simple task according to LightReading. Bob Metcalfe, Ethernet’s creator, and now a Polaris Venture Partners partner, speculated two years ago that a terabit standard might need a rethinking of everything, even the fiber itself.

Based on current UCSB research, professor Blumenthal speculates that TbE may include:

Photonic integrated circuits (PICs) are a must.
Coherent receivers, but at a scale well beyond what’s being used for 100Gbit/s Ethernet. A likely candidate is 1,024-QAM: quadrature amplitude modulation (QAM) transmitting 10 bits per symbol, a scheme likely to require 100GHz electronics.
To make that coherent receiver energy-efficient, TOEC is “trying to move a lot of what’s in the digital signal processor into the optics,” Blumenthal says.
New materials for fiber-optics aren’t out of the question. “We won’t start out with that, but it’ll move in that direction,” Blumenthal says.
Other items on the TOEC shopping list include optical phase-locked loops, new semiconductor optical amplifiers (SOAs), and methods for drastically lowering on-chip optical losses.

The questions go beyond the optical layer. To make operations more synchronous padding and frame delineation were added to 10Gbit/s and 100Gbit/s Ethernet, Blumenthal pointed out. “Do we keep doing that? Or do we go purely asynchronous? We don’t know yet. …Once you put the word ‘Ethernet’ in there, it’s not about just transmission. It’s about being backward-compatible. That’s the beauty of Ethernet. We can’t lose that essence.”

rb-

The need for TbE is real (I first wrote about Intel’s TbE efforts here) and being driven by video. More video is already riding over existing networks. “We’re going to need much faster networking to handle the explosion in Internet traffic and support new large-scale applications like cloud computing,” Professor Blumenthal told Physorg. Stuart Elby, Vice President of Network Architecture for Verizon told Physorg, “Based on current traffic growth, it’s clear that 1 Terabit per second trunks will be needed in the near future.”

Facebook is already looking at TbE in their data centers. PCWorld reports that at the Ethernet Alliance‘s Technology Exploration Forum, Donn Lee, a Facebook Engineer said, “… there is already a need for 1 terabit.” Facebook has so many servers, and those servers can process data so fast, that they could fill 64 Terabit Ethernet pipes in the backbone of one data center, Lee said.

Terabit trial gives Telstra some backbone (go.theregister.com)

Category: Uncategorized | Tags: 2010, Agilent Technologies, Ethernet, Facebook, FB, GOOG, Google, INTC, Intel, Networking, Terabit, Verizon, VZ

RB | October 24, 2010

Comments Off

Facebook Privacy Fail Again

-Updated 11-01-10- Facebook has completed its internal investigation into reports from The Wall Street Journal that Facebook applications were violating its user privacy. The WSJ says FB is sharing unique user IDs with advertising agencies and data collection companies. According to the firm’s blog, some developers were sharing Facebook UIDs with data brokers for a fee, “this violation of our policy is something we take seriously,” Facebook engineer Mike Vernal wrote in the corporate response.

The Social Networker is reportedly taking action against developers who violated the Facebook policies by “instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies” according to the corporate blog.

The blog also states that Facebook has struck a deal with Rapleaf (Which I wrote about here), the data-mining firm that has tied Facebook ID information collected by Facebook applications to a database of Internet users it sold. “Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.”

—

Last May Facebook was caught using “referrers” to send users’ ID information to advertising agencies every time the users click on ads. In response, the social networker changed some of the code that allowed this and issued a half-hearted apology. Now, the Wall Street Journal has found that third-party applications or “apps” on Facebook have been guilty of the same thing. The WSJ says the privacy breach affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.

“Apps” are pieces of software that let Facebook’s 500 million users play games or share common interests with one another. The company says 70% of users use apps each month. The WSJ found that all the 10 most popular apps on Facebook were transmitting users’ IDs to outside companies including:

FarmVille,
Phrases,
Texas HoldEm,
FrontierVille,
Causes,
Cafe World,
Mafia Wars,
QUiz Planet,
Treasure Isle
IHeart.

The WSJ says that Zynga Game Network Inc.’s (ZNGA) FarmVille, with 59 million users has also been transmitting personal information about a user’s friends to outside companies.

The information being transmitted includes the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation, and photos. The apps reviewed by the WSJ were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.

The Journal found that data-gathering firm, RapLeaf Inc., (Which I wrote about earlier) had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms including Google’s Invite Media, the Journal found. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf to the WSJ.

Facebook has again issued a statement that it will look into the matter and correct the code and has in the meantime disabled thousands of applications. According to the WSJ, the applications transmitting Facebook IDs may have breached their own privacy policies. Zynga, for example, says in its privacy policy that it “does not provide any Personally Identifiable Information to third-party advertising companies.” A Zynga spokeswoman told the WSJ, “Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information.”

rb-

Once again, Facebook has a user privacy breach on its hands. The social networker keeps promising to protect its customers’ personally identifiable information but never seems to get it right.

Perhaps the question Facebook users should be asking is does Facebook really want to protect their user’s privacy?

Facebook facial recognition tech ‘violates’ German privacy law (go.theregister.com)

Category: Social Networking | Tags: 2010, Facebook, FarmVille, FB, FrontierVille, Personally identifiable information, Privacy, Rapleaf, Security, Social media, ZNGA, Zynga

RB | October 1, 2010

2 comments

Banks & Bosses Use Social Media to Assess Risk

Updated 10-22-10 – GigaOm has a post about Rapleaf here.

If you’re among the 67% of the global online population which Nielsen Online says uses social media networks to stay in touch with friends, grow their business, or just have fun then your information is for sale to banks, insurance companies, employers, and the government. Some banks are turning to social media analytics firms to enhance their credit-check procedures.

Banks are now looking at an applicant’s social media profile, behavior, and associations on sites like Facebook (FB), Twitter, and MySpace according to a recent article on the banking industry site CreditCards.com. The banker’s theory is that people run with folks who share their values and behavior. If your Facebook friends are deadbeats, the banks theorize you are a deadbeat also. These assumptions may make it harder to get a credit card or mortgage, according to CreditCards.com.

Many banks are now outsourcing their social network data mining operations to firms such as Rapleaf. Rapleaf, is a San Francisco, CA-based company that specializes in social media monitoring. According to CreditCard.com, Rapleaf compiles everything you and your network do – including status updates, “tweets,” joining online clubs, linking a Web site or posting a comment on a blog or news Web site. These firms turn the conversations into consumer profiles called social graphs. Social graphs give companies insight into behavior patterns: what you like and dislike, want and don’t want, do well and do poorly.

In the article, Rapleaf characterizes its social network data mining operations as “a unique way to improve customer experience by whitelisting customers based on their social circles and friend relationships.” Since the firm uses data to “whitelist” people, it may also very easily be used to “blacklist” people and deny them a credit card or a job. “Who you hang around with has empirical implications with how you behave,” Joel Jewitt, Rapleaf’s vice president of business development told FastCompany.

“It’s a marketing trend as opposed to a credit score trend,” says Jewitt. Despite his assurances, Rapleaf’s Web site suggests that clients “use friend networks to enhance … credit scoring” according to FastCompany. Jesse Torres, president, and CEO of Pan American Bank in Los Angeles told CreditCards.com that online information aggregators fill a need within the banking community. “They’re able to scour the social media universe. They are constantly listening and reporting back.”

The bankers are protecting their bottom line, “credit card companies have been stung very hard during this downturn, and they’re going to work that much harder to avoid extending credit…,” Ken Clark, author of The Complete Idiot’s Guide to Boosting Your Financial IQ told CreditCards.com. Rob Garcia, senior director of product strategy at The Lending Club, a peer-to-peer lender, says his firm uses multiple sources of “social information collateral” for its decision-making processes “It’s a wealth of information about a person,” says Garcia.

Not everyone in the industry is data mining social networks. “It’s difficult to make a judgment about an individual’s credit based on the people around them,” says Gregory Meyer, community relations manager for Meriwest Credit Union in San José, CA. Meriwest only assesses credit reports and application data to make lending decisions. “[Social media] is a great way to keep up with what my 10-year-old nephew is up to, but it doesn’t have a place in the credit process.”

What you divulge can have an unintended impact. “We’ve seen this with applicants not getting jobs and employees getting fired for their Facebook and Twitter-based escapades,” financial personality Clark told CreditCards.com, “so we shouldn’t imagine this to be any different.” There are steps to take to guard your privacy. “I think it is crucial that everyone visit the privacy notices for the sites they use, read them, and change their settings to limit who can see their information,” says Clark. “For example, on Facebook, you can change your privacy settings so that only your acknowledged friends can see the majority of your information.” You can also enable “private filtering” on your browser. Do so and your activity will be entirely out of the Web profiling system.

Scott Stevenson, president, and CEO of EliminateIDTheft.com told CreditCards.com people should:

Don’t accept invitations until you check the profile out first.
Be acutely aware of what you write. Don’t make public anything you don’t want public.
Take an annual inventory of all your social networking sites and delete people and information that can potentially damage you in the eyes of a creditor or employer.

Rapleaf offers a service to discover your online footprint and see what others might see on your social graph. Google (GOOG) offers a similar tool, the Google Privacy Dashboard. which presents an overview of the accounts and information you are connected with through Google. Take advantage of tools like these to check your own online reputation. What you don’t know can hurt you. Rapleaf’s Jewitt reminds users that, “The custodian of the information is you.”

rb-

There is nothing illegal about social network data mining banks and firms like Rapleaf do. Facebook and the other social networks are legal commercial enterprises that openly broker user data for exactly these kinds of purposes. People freely put information on Facebook with the full knowledge that it will become permanent parts of the public Internet record. Users need to know about this kind of data mining for two reasons. First, the stakes are high. It’s about getting access to credit that might be necessary for your family or business or even getting your next job.

Second, data mining gives the lenders insights into relationships that are unknown to and often completely out of the control of the applicant. Maybe being a Facebook fan of NASCAR says something in the sum about your socioeconomic status and your creditworthiness or employability, according to some second-order derivative analysis of millions of data records.

The asymmetry in the relationship between data-driven marketers and consumers is structural and permanent. Institutions like banks (and, potentially, insurance companies, employers, and the government) will use it to gain an advantage, because that’s what they do.

With data brokers selling lists of alcoholics to big business, the feds have some thinking to do [GigaOM] (gigaom.com)

Category: Social Networking | Tags: 2010, Android, AOL, Data, Facebook, FB, GOOG, Google, Mining, MySpace, PII, Policy, Privacy, Rapleaf, Snapchat

RB | September 10, 2010

Comments Off

Microsoft Founder Sues GOOG, FB and AAPL

– Updated 12-13-10 – Physorg is reporting that a U.S. district judge tossed out the patent infringement lawsuit filed by Interval Licensing owned by Microsoft co-founder Paul Allen. The judge ruled that the suit failed to specify devices or products violating patents at issue in the case. A spokesman for Allen dismissed the ruling as a procedural matter and said that an amended complaint will be filed addressing the judge’s concern.

– Updated – Google responded to the suit by stating in court documents “Interval’s complaint is so devoid of any facts to support its infringement contentions that it is impossible for Google to reasonably prepare a defense.” According to VON | xchange Apple agreed and called on judges to “insist upon some specificity” before proceeding.

The UK’s Guardian is reporting that eleven major Internet companies including AOL, Apple, eBay, Facebook, Google, Netflix, Office Depot, OfficeMax, Staples, Yahoo, and YouTube are being sued by Interval Licensing. The firm, lead by ex-Microsoft founder Paul Allen is suing for alleged infringement of patents that relate to e-commerce and search. A copy of the complaint is available here (PDF). Notably absent from the list are Microsoft and Amazon.com. Amazon, the Seattle e-commerce giant just moved into a new headquarters campus developed by Allen’s Vulcan Inc. Interval is seeking damages and the end of the infringement. Among the patents being contested are:

6,263,507: “Browser for use in navigating a body of information, with particular application to browsing information represented by audio data.”
6,034,652 & 6,788,314 (really the same patent, involving continuations): “Attention manager for occupying the peripheral attention of a person in the vicinity of a display device.”
6,757,682: “Alerting users to items of current interest”
TechFlash has a deeper analysis of these patents.

Google and Facebook told the Guardian they will fight the accusations by Interval. “This lawsuit against some of America’s most innovative companies reflects an unfortunate trend of people trying to compete in the courtroom instead of the marketplace,” a Google spokesperson said in an emailed statement to the Guardian. “Innovation – not litigation – is the way to bring to market the kinds of products and services that benefit millions of people around the world.” Facebook spokesperson Andrew Noyes said: “We believe this suit is completely without merit and we will fight it vigorously.”

The Guardian reports that these claims have led to accusations by some observers that Allen, who is worth a reported $13.5bn is acting as a “patent troll” – suing active companies via patents obtained by now-defunct or inactive companies which are not actively developing technology. However, David Postman, an Interval official, defended the lawsuit as necessary to protect its investment in innovation.”We are not asserting patents that other companies have filed, nor are we buying patents originally assigned to someone else,” he told the Guardian. “These are patents developed by and for Interval.” Allen is not a named inventor on any of the patents according to Bloomberg.

Allen co-founded Interval Research in 1992 to develop communications and computer technology. The firm was reportedly designed to be a pure research institute “done right” which would replicate Xerox PARC, but that it would actually commercialize the amazing ideas. At its largest, it employed more than 110 scientists and engineers, and filed patents covering internet search and display innovations, according to the lawsuit. Interval Research officially closed in April 2000 when its 300+ patents were taken over by Interval Licensing.

Apparently, Allen has support from another tech founder. TechDirt reports that Apple co-founder Steve Wozniak comes out in favor of “patent trolls” and patent holders suing companies who actually innovate. Woz told Bloomberg TV that patents somehow help out the small guy (Paul Allen, the 37th-richest person in the world?):

I think this lawsuit represents the idea that hey, patents, individual inventors, they don’t have the funds to go up against big companies. So he’s sorta representing some original investors. And I’m not at all against the idea of patent trolls.

The Bloomberg interviewer points out that Paul Allen is not the inventor and there’s no sign that the inventors on these patents would actually get any of the money should Allen succeed. Woz says that Allen “represents inventors.” According to TechDirt Woz seems uninformed about the patent world today. For example, the interviewer notes that dealing with patents has become a “cost of doing business” and Woz seems to think that’s a good thing:

Every tech company is very aware that patents are really the heart of our innovation and invention system and (a) that you have to have your own patent position and you gotta be aware that there might be others. And, yes, you might be infringing. It’s very awkward, because some patents are so general. It’s hard to say how they’ll be interpreted. There’s a lot of ambiguity in the system.

TechDirt notes the irony that in Woz’s autobiography iWoz, he talked about how much of a success Apple was without relying on patents at the beginning.

Patents on software and business processes have become a lightning rod issue for web companies. They claim that patents act as a financial drag on innovation and that the US Patent Office (USPTO) is especially poor at examining patent claims for “prior art” which would disqualify them, or that it awards patents on needlessly wide claims which mean that it is almost impossible for companies to use accepted web technologies without accidentally infringing on them.

One of the most notable was Amazon’s 1997 patent for its “1-Click” shopping system, which was, accepted and then rejected and finally passed by the USPTO in March 2010. Amazon has licensed the technology to Apple, among others. Other infamous software patent abuses include:

British Telecom attempted to claim a patent on the hyperlink; its claim collapsed in 2002 on the basis that the patent referred to a “central computer” – which the internet does not have.
SCO sued IBM, Red Hat, Novell. AutoZone and DaimlerChrysler for claimed patents rights that would cover significant parts of the free Linux operating system.

Category: Uncategorized | Tags: 2010, AAPL, AOL, Apple, Business, EBay, Facebook, FB, GOOG, Google, Netflix, Office Depot, OfficeMax, Patents, Paul Allen, Politics, Prior art, Staples, Yahoo, YouTube

« Older Entries Recent Entries »

Bach Seat

Tag Archive for Facebook

Terabit Ethernet Developing

Terabit Ethernet is hard

Related articles

Microsoft Founder Sues GOOG, FB and AAPL

Meta