Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

4 Facebook security tips to stay safe in 2012

Kristin Burnham | Dec. 9, 2011
Once again, Facebook founder Mark Zuckerberg was hacked.

Geide says that hackers use your location data not just for physical-world attacks such as stalking and robbery, but for social-engineering attacks, too. One example of this: messaging you to say, "Hey, I met you at XYZ conference last week," in order to obtain more information or promote a malicious link.

3. Use Applications and Games Sparingly

In the past, rogue Facebook apps have spammed users and hijacked accounts. Facebook has since put a number of safety protocols, such as App Passwords, in place to better vet their apps and ensure security.

App passwords are one-time passwords you use to log into your apps, without needing to enter your Facebook password. To get an app password, go to your Account Settings, then select the Security tab. Click "Edit" next to App Passwords, then follow the prompts.

Geide also recommends carefully reviewing the permissions granted to Facebook apps before you install and use them.

"Applications may use a number of permissions. Because of this, it is best to limit your applications to those that you actually use and have a level of trust for," he says.

Specifically, Geide recommends paying careful attention to which applications have the ability to write on your wall or message friends, as this could be used to propagate something malicious. Also, check to see what information the application is able to access about you and what content it can read--for example your wall, posts and photos.

"Think about the actual expected behavior of the application," he says. "And if the level of access that it is requesting doesn't seem needed for its functionality, the chances are that it's doing something in addition to what it is advertising."

4. Log Out of Facebook When You're Done

When you're finished browsing Facebook, be sure you log out, Geide says. "This will prevent threats, such as 'Likejacking,' that leverage logged-in sessions to Facebook," he says.

Likejacking is a form of clickjacking, or the malicious technique of tricking users into posting a status update for a site they did not intentionally mean to "like."

One example of this: In June 2010, hundreds of thousands of users fell victim to likejacking after clicking links that read, "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE," and, "This man takes a picture of himself EVERYDAY for 8 years!!"

After clicking the link, users were asked to "click here to continue." The following page contained a clickjacking worm that posted content to the users' walls.

If you have forgotten to log out of Facebook from a computer or mobile device, you can do so remotely. From your Account Settings page, click the "Security" tab on the left. Select "Edit" next to Active Sessions.

The following information will show you where you're logged in on other devices, when you last accessed it and the device. To log out of any of the sessions, just click "End Activity."


Previous Page  1  2 

Sign up for Computerworld eNewsletters.