Tag Archive for FB

Social Networks Are Risky

According to the Czech security firm TrustPort, social networking’s popularity and ease of use can cause users to forget its risks. These risks include the loss of private personal data and malware infection. Even though social networking is new, a recent IBM (IBM) X-Force report says the threats are not. According to IBM, traditional threats like phishing, malware, 419 fraud schemes, identity theft, data harvesting, and botnets now use social networks as attack vectors.

Many social networking users fall victim to attackers offering new apps or features for joining the group. Net Security.org cites the Facebook Stalker Catcher as an example of such a scam. Even though this malicious app appeared in 2009, Facebook users still fall victim to it. To start a Stalker Catcher attack, Net Security.org says users are lured to the group on the pretext that they will see exactly who is visiting their personal profile and when. The alleged instructions for feature activation result in nothing more and nothing less than sending group invitations to all contacts of the victim.

Sunbelt Software reports that the latest scam targeting Facebook users specifically targets kids.  The scam promises a free proxy service for those who want to bypass parental controls and blocks set up by schools.  The scam tempts the victims to try the service at hxxp://myfatherisonline.com to access Facebook in school.  Of course, when the victims visit the website, they can’t find the advertised service.  The researchers instead found a plethora of scam attempts.  The victims are faced with an affiliate site containing malware, surveys, quizzes, and offers for free iPhones that will try to get them to subscribe to a premium rate service or sign up for spam.

The number of users who voluntarily join fraudulent groups and send invitations to all their contacts is strikingly high.  In the Net Security.org article, IBM says the informal feel of social networks is the real risk.

“We’re all friends here,” you’re thinking to yourself, and your mind chooses to ignore the things that would usually set off alarm bells in your head. Who knows – maybe it’s our inherent sense of safety that we get when surrounded by a lot of people? Safety in numbers, so to speak. In any case, most of us are just less careful.

SPAM

These same users then access Facebook at work, exposing their employers to more risks.  The anti-malware firm Sophos recently found that reports (PDF) by companies of spam and malware derived from social networks were up 70 percent from a year earlier and concludes that “Because of this, social networks have become one of the most significant vectors for data loss and identity theft.”

Due to this carelessness, the criminals behind the scams quickly gain large databases of contacts.  These databases are later sold to other cybercriminals and used for sending spam or for further phishing scams.  Some fraudulent groups explicitly invite users to install a particular application, which is even more dangerous.  According to the article, the risk of malware infection should never be underestimated.

rb-

So the important message here is:

  1. Keep your computer up to date
  2. Use regularly updated antivirus and antispyware software
  3. Verify what you are doing before you do it
  4. If it is too good to be true, it probably is


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Server Counts Climbing

Data Center Knowledge has updated its list of companies with the most servers (at least the ones that release the information). I wrote about this server list last year and some of the changes from last year include adding Intel (INTC) and Facebook to the list, SoftLayer’s acquisition of The Planet, and increases in server fleets.

Server Growth

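| Firm | Servers (2009) | Servers (2010) | % change |
|---|---|---|---|
| Intel | -- | 100,000 | NA |
| OVH | 55,000 | 80,000 | 45 |
| SoftLayer | 21,000 | 76,000 | 262 |
| Akamai Technologies | 48,000 | 73,000 | 52 |
| 1&1 Internet | 55,000 | 70,000 | 27 |
| Rackspace | 50,038 | 63,996 | 28 |
| Facebook | -- | 60,000 | NA |
| iWeb | 10,000 | 35,000 | 250 |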

Some notable companies that have not changed since 2009 include:

* SBC Communications
* Verizon
* Time Warner
* AT&T
* Peer1/ServerBeach.

rb-

One thing that many of these companies have in common is that they are cloud companies or companies that enable cloud computing. The research firm IDC reported in 2009 that only 14.3% (2.2 Exabytes) of the 15.4 Exabytes of enterprise storage capacity resides in the public cloud. IDC believes this number will grow to 27.6% by 2013.

If IDC is right,  over the next 3-4 years, server fleets will continue to grow.


Facebook is Biggest Social Networking Risk

Data from anti-malware vendor Sophos’ 2010 Security Threat Report (PDF) says Facebook is the leader in privacy risks, spam, and other malicious activity. 60 percent of the respondents to a Sophos survey identified Facebook as the biggest security risk in social networking, followed by MySpace (18%), Twitter (17%), and LinkedIn (4%).

It is not surprising that users regard Facebook as the top risk. Facebook’s more than 500 million users offer criminals a cornucopia of personal data to exploit. “Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” said Graham Cluley, senior technology consultant for Sophos.

Criminals have focused their efforts on social media

Sophos’ research shows that criminals have focused their efforts on social networking users in the last 12 months, creating an “explosion” in social networking spam and malware complaints. Sophos found that 57% of social network users were spammed on one of the sites, an increase of 70 percent compared to last year. They also found 36% of social network users reported being sent malware, a 70% increase over last year. “The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks,” Sophos’ Cluley added.

Three things working against Facebook users

There are three things working against Facebook users: themselves, malware, and Facebook. Facebook users typically give away more private information to Facebook than other sites. Through most people’s profiles it is possible to find out their first, last, and maiden names, where they live, where they went to school, and even worse, historical information like where they lived in the past. A lot of this private information is required on many online credit checks, providing a boon for criminals looking to exploit a user’s credit history or steal their identity.

The most common malware used on social networks is Koobface. Koobface can target all the popular social portals, including Facebook, MySpace, Bebo, Friendster, Tagged, and Twitter. According to the report, Koobface is capable of, “... registering a Facebook account, activating the account by confirming an email sent to a Gmail address, befriending random strangers on the site, joining random Facebook groups, and posting messages on the walls of Facebook friends. Furthermore, it includes code to avoid drawing attention to itself by restricting how many new Facebook friends it makes each day.”

Another threat is Facebook applications. Criminals can create malicious Facebook applications designed to steal information and they can find holes in pre-existing applications and exploit them. Legitimate Facebook apps will give away your information if you allow them to (as I have written about here and here). Once an app has permission it can harvest all the information in a Facebook profile and send it to criminals. Before users grant an application access to all of their information, they should Google the publisher to see if they are legitimate or not. Any application that starts doing anything strange or suspicious should be removed immediately.

Facebook has tried to address these risks by issuing a new privacy policy. However, Sophos’ Cluley called it a step backward, because the new settings are “encouraging many users to share their information with everybody on the internet.” According to Facebook, only 35% of their users actually customized their settings, leaving 65% who presumably didn’t change their settings and continue to share valuable data, which is then used to propagate spam and malware.


Terabit Ethernet Developing

Researchers at the University of California, Santa Barbara (UCSB) are working on the next evolution of Ethernet – Terabit Ethernet. UCSB Professor of Electrical and Computer Engineering Dan Blumenthal told LightReading that the goal of the recently created Terabit Optical Ethernet Center (TOEC) is to create Terabit Ethernet (TbE), which runs at 1 trillion bits per second, by 2015 and to follow it up with 100Tbit/s Ethernet by 2020.

Professor Blumenthal explained to LightReading that he wants the TOEC and its partners to produce something the industry can use, not a one-time lab experiment that only works with duct tape and glue. “We’re not talking about lab hero experiments,” Blumenthal told LightReading. The real-world focus of TOEC has helped attract partners like  Agilent Technologies Inc. (NYSE: A), Google (NASDAQ: GOOG), Intel Corp. (NASDAQ: INTC), Rockwell Collins Inc., and Verizon Communications Inc. (NYSE: VZ) to help with the research. I wrote about Intel’s TBPS efforts back in July.

Terabit Ethernet is hard

TOEC could probably use the help because developing TbE is looking like no simple task according to LightReading. Bob Metcalfe, Ethernet’s creator, and now a Polaris Venture Partners partner, speculated two years ago that a terabit standard might need a rethinking of everything, even the fiber itself.

Based on current UCSB research, professor Blumenthal speculates that TbE  may include:

  • Photonic integrated circuits (PICs) are a must.
  • Coherent receivers, but at a scale well beyond what’s being used for 100Gbit/s Ethernet. A likely candidate is 1,024-QAM: quadrature amplitude modulation (QAM) transmitting 10 bits per symbol, a scheme likely to require 100GHz electronics.
  • To make that coherent receiver energy-efficient, TOEC is “trying to move a lot of what’s in the digital signal processor into the optics,” Blumenthal says.
  • New materials for fiber-optics aren’t out of the question. “We won’t start out with that, but it’ll move in that direction,” Blumenthal says.
  • Other items on the TOEC shopping list include optical phase-locked loops, new semiconductor optical amplifiers (SOAs), and methods for drastically lowering on-chip optical losses.

The questions go beyond the optical layer. To make operations more synchronous, padding and frame delineation were added to 10Gbit/s and 100Gbit/s Ethernet, Blumenthal pointed out. “Do we keep doing that? Or do we go purely asynchronous? We don’t know yet. …Once you put the word ‘Ethernet’ in there, it’s not about just transmission. It’s about being backward-compatible. That’s the beauty of Ethernet. We can’t lose that essence.”

rb-

The need for TbE is real (I first wrote about Intel’s TbE efforts here) and being driven by video. More video is already riding over existing networks. “We’re going to need much faster networking to handle the explosion in Internet traffic and support new large-scale applications like cloud computing,” Professor Blumenthal told Physorg. Stuart Elby, Vice President of Network Architecture for Verizon told Physorg, “Based on current traffic growth, it’s clear that 1 Terabit per second trunks will be needed in the near future.”

Facebook is already looking at TbE in their data centers. PCWorld reports that at the Ethernet Alliance’s Technology Exploration Forum, Donn Lee, a Facebook Engineer said, “… there is already a need for 1 terabit.” Facebook has so many servers, and those servers can process data so fast, that they could fill 64 Terabit Ethernet pipes in the backbone of one data center, Lee said.


Facebook Privacy Fail Again

-Updated 11-01-10- Facebook has completed its internal investigation into reports from The Wall Street Journal that Facebook applications were violating its user privacy. The WSJ says FB is sharing unique user IDs with advertising agencies and data collection companies. According to the firm’s blog, some developers were sharing Facebook UIDs with data brokers for a fee. “This violation of our policy is something we take seriously,” Facebook engineer Mike Vernal wrote in the corporate response.

The Social Networker is reportedly taking action against developers who violated the Facebook policies by “instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies” according to the corporate blog.

The blog also states that Facebook has struck a deal with Rapleaf (which I wrote about here), the data-mining firm that has tied Facebook ID information collected by Facebook applications to a database of Internet users it sold. “Rapleaf has agreed to delete all UIDs in its possession, and they have agreed not to conduct any activities on the Facebook Platform (either directly or indirectly) going forward.”

Last May Facebook was caught using “referrers” to send users’ ID information to advertising agencies every time the users click on ads. In response, the social networker changed some of the code that allowed this and issued a half-hearted apology. Now, the Wall Street Journal has found that third-party applications or “apps” on Facebook have been guilty of the same thing.  The WSJ says the privacy breach affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings.
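The referrer leak described above can be modelled from the defender's side. The following JavaScript is an added example, not code from Facebook, the WSJ or this blog: it follows the W3C Referrer Policy rules to show which Referer value reaches a third party under each policy. The page URL carrying a user ID in its query string, the host names and the ID value are constructed assumptions.

```javascript
// Added illustration: which Referer value a browser sends under each
// Referrer-Policy, following the W3C Referrer Policy rules.
// Simplification: "downgrade" is treated as https -> non-https only.

function refererFor(policy, pageUrl, targetUrl) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === "https:" && target.protocol !== "https:";

  // Browsers always strip credentials and the fragment before sending.
  page.username = "";
  page.password = "";
  page.hash = "";
  const full = page.href;              // path and query string included
  const originOnly = page.origin + "/";

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when the identifier would reach the third party in the Referer header.
function leaksId(policy, pageUrl, targetUrl, id) {
  const ref = refererFor(policy, pageUrl, targetUrl);
  return ref !== null && ref.includes(id);
}

// Constructed sample: an app page whose URL carries a user ID, and an ad click target.
const PAGE = "https://apps.social.example/game/play?id=1000123456#level2";
const AD = "https://ads.tracker.example/click?campaign=7";
const POLICIES = ["unsafe-url", "no-referrer-when-downgrade", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "origin", "no-referrer"];

function report() {
  return POLICIES.map((p) => ({ policy: p, referer: refererFor(p, PAGE, AD),
    leaks: leaksId(p, PAGE, AD, "1000123456") }));
}

console.table(report());
```

Only the policies that send the full URL cross-origin expose the ID; a site can set one of the others with a `Referrer-Policy` response header, and keeping identifiers out of URLs removes the exposure regardless of policy.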

“Apps” are pieces of software that let Facebook’s 500 million users play games or share common interests with one another. The company says 70% of users use apps each month. The WSJ found that all the 10 most popular apps on Facebook were transmitting users’ IDs to outside companies including:

  • FarmVille
  • Phrases
  • Texas HoldEm
  • FrontierVille
  • Causes
  • Cafe World
  • Mafia Wars
  • Quiz Planet
  • Treasure Isle
  • IHeart

The WSJ says that Zynga Game Network Inc.’s (ZNGA) FarmVille, with 59 million users has also been transmitting personal information about a user’s friends to outside companies.

The information being transmitted includes the unique “Facebook ID” number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person’s name even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with “everyone,” including age, residence, occupation, and photos. The apps reviewed by the WSJ were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities.

The Journal found that data-gathering firm RapLeaf Inc. (which I wrote about earlier) had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms including Google’s Invite Media, the Journal found. “We didn’t do it on purpose,” said Joel Jewitt, vice president of business development for RapLeaf, to the WSJ.

Facebook has again issued a statement that it will look into the matter and correct the code and has in the meantime disabled thousands of applications. According to the WSJ, the applications transmitting Facebook IDs may have breached their own privacy policies. Zynga, for example, says in its privacy policy that it “does not provide any Personally Identifiable Information to third-party advertising companies.” A Zynga spokeswoman told the WSJ, “Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information.”

rb-

Once again, Facebook has a user privacy breach on its hands. The social networker keeps promising to protect its customers’ personally identifiable information but never seems to get it right.

Perhaps the question Facebook users should be asking is: does Facebook really want to protect its users’ privacy?
