Change is required, and the change leader has the authority to implement the change

Change Leadership Journal

Subscribe to Change Leadership Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Change Leadership Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Change Leadership Authors: Jason Bloomberg, Charles Araujo, Sharon Drew Morgen

Related Topics: Change Leadership Journal, Security Journal, New Media on Ulitzer, Facebook on Ulitzer

Blog Feed Post

Facebook Security Issues

For instance, Facebook users can use too many different applications

Facebook on Ulitzer

I really don’t have any problems with Facebook whatsoever since I don’t really use it in any meaningful way (can it be used in such a way at all?). But that does not mean that Facebook does not have some serius security problems. In fact I could write a book about them if I could find more time.

Let’s consider some of them. For instance, Facebook users can use too many different applications for which no serious (mandatory) security evaluation / verification process exists. So hackers and other bad guys can continue to create applications that appear not so malicious but in reality they are. Problem is, of course, that applications are not vetted before their release. You say that Facebook does have application verification program?

As Facebook states:

“Do I need to be verified to run on Facebook Platform?

No. Facebook Platform continues to be open and available to any developer who wants to build applications without barriers to entry. Simply build your app and launch it. Developers are able to leverage our tools to integrate within Facebook or outside, through Facebook Connect.”

So there you go with application verification program. It’s like having guys who write some applications in your company and are completely bypassing change management / authorization procedures and releasing applications whenever they want. It’s worse – change management / authorization procedures are not even mandatory! It is up to users to discover whether they are malicious or not. That is not good security.

Another problem is that many companies and organizations are using Facebook for screening purposes:

So, if you have a Facebook profile, you can expect it to be a subject of evaluation when applying for another job. Of course, Facebook does have plenty of privacy settings that can keep general public from viewing your private / personal information. But Facebook does not have a mechanism for verification of the accuracy of profile information (there’s classic email verification for new accounts), so anyone can create a profile using your name. Anyone can create a new Facebook user pretending to be you. And they can make friends with your friends pretending to be you. So, is this a problem for Facebook, problem for companies who use Facebook for screening purposes or problem for you? Unfortunately, it could be a problem for you, since you can not control who wants to steal your identity (Facebook profile). If you don’t have a profile, that does not mean you don’t have to worry. Maybe someone created your profile already and is using it. So there you go.

What about that privacy settings? If you want to see my profile – you can’t if you’re not my friend (that’s one configuration). But viewing (confidential :) ) profile information should not be a problem. Many users just accept friendship offers from just about anyone. Tons have been written about Facebook privacy issues so I’ll just use some valuable links:

Criticism of Facebook

Facebook’s New Privacy Push Concerns Experts

The Looming Facebook Privacy Fiasco

There’s 350 million Facebook users. How many security issues are there for Facebook security team? Facebook is trying to do something, but will that be enough?

Read the original blog entry...