NEWS: Imperva’s comment on the Facebook Security Flaw
Yesterday, Facebook users found that they could view their friends’ live chats, see their friends’ pending friend requests and which friends they had in common.
It seems as though there is a ‘preview’ mode for your profile that should have been used when setting privacy options (this mode allows you to understand the effect of your new settings on what people see about you). There was a bug in that mode that actually allowed you to ‘preview’ not only your own account but other people’s accounts as well.
The flaw was caused by a software bug and since the bug did not affect functionality but rather privacy and security it was not detected through the testing process. This is a key mistake by many organizations where testing is oriented towards what the application should do rather than what it shouldn’t be doing. Social networks should test their applications more rigorously for security issues. However, with respect to privacy issues in social networking this is like telling a seaman ‘avoid deep water’.
I think that they should be managing their risk properly and focusing on the real issues which are infections and worms. Social networking sites should focus on avoiding malware distribution through shared content. While I do think that they should strive to provide the required privacy, the essence of social networking platforms is making your personal information public. Losing control of it in the process should be accepted as an inherent risk.
Facebook or others cannot inherently do something different to prevent this from happening in the future. In a platform where sharing information is the DEFAULT, one must expect privacy breaches.
My advice to consumers is to reiterate that you should not put up anything on the internet that you are not willing to share with the world.
Amichai Shulman, CTO of Imperva
And, of course, my advice is ‘dump Facebook’.
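As an added illustration (not Facebook’s code, and not part of Imperva’s comment), here is a minimal model of the kind of ‘preview my profile as viewer X’ feature described above: a version that trusts the client-supplied profile identifier, a version that limits preview to the caller’s own profile, and the negative test (‘what the application shouldn’t do’) that distinguishes them. All names and data are constructed for the example.

```python
# Hypothetical model of a "preview as" feature; not Facebook's implementation.
from dataclasses import dataclass, field


@dataclass
class Profile:
    owner: str
    public: dict = field(default_factory=dict)        # visible to everyone
    friends_only: dict = field(default_factory=dict)  # chats, pending requests, ...
    friends: set = field(default_factory=set)


def render_as(profile: Profile, viewer: str) -> dict:
    """What `viewer` would see on `profile`, applying only the visibility rules."""
    data = dict(profile.public)
    if viewer == profile.owner or viewer in profile.friends:
        data.update(profile.friends_only)
    return data


def preview_vulnerable(session_user: str, target_owner: str, as_viewer: str, profiles: dict) -> dict:
    # Defect: the profile to preview comes from the request and is never checked
    # against the logged-in user, so any user can preview any profile as any viewer.
    return render_as(profiles[target_owner], as_viewer)


def preview_fixed(session_user: str, target_owner: str, as_viewer: str, profiles: dict) -> dict:
    # Authorization check: a preview may only be rendered for the caller's own profile.
    if target_owner != session_user:
        raise PermissionError("preview is limited to your own profile")
    return render_as(profiles[target_owner], as_viewer)


def denies_foreign_preview(preview, profiles: dict) -> bool:
    """Negative test: True only if a non-owner is refused a preview of someone else's profile."""
    try:
        preview("mallory", "alice", "bob", profiles)
    except PermissionError:
        return True
    return False


# Constructed sample data: alice's friends-only view contains a chat and a pending request.
PROFILES = {
    "alice": Profile("alice", {"name": "Alice"},
                     {"chat": "hi bob", "pending": ["carol"]}, {"bob"}),
    "bob": Profile("bob", {"name": "Bob"}),
}
```

A functional test of the happy path passes for both versions; only the negative test exposes the difference.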