Home > All, Vendor News > NEWS: Imperva’s comment on the Facebook Security Flaw

NEWS: Imperva’s comment on the Facebook Security Flaw

Yesterday, Facebook users found that they could view their friends live chats, see their friends pending friend-requests and which friends they had in common.

It seems as though there is a ‘preview’ mode for your profile that should have been used when setting privacy options (this mode allows you to understand the effect of your new settings on what people see about you). There was a bug in that mode that actually allowed you to ‘preview’ not only your account but rather other people accounts as well.

The flaw was caused by a software bug and since the bug did not affect functionality but rather privacy and security it was not detected through the testing process. This is a key mistake by many organizations where testing is oriented towards what the application should do rather than what it shouldn’t be doing. Social networks should test their applications more rigorously for security issues. However, with respect to privacy issues in social networking this is like telling a seaman ‘avoid deep water’.

I think that they should be managing their risk properly and focusing on the real issues which are infections and worms. Social networking sites should focus on avoiding malware distribution through shared content. While I do think that they should strive to provide the required privacy, the essence of social networking platforms is making your personal information public. Losing control of it in the process should be accepted as an inherent risk.

Facebook or others cannot inherently do something different to prevent this from happening in the future. In a platform where sharing information is the DEFAULT, one must expect privacy breaches.

My advice to consumers is to reiterate that you should not put up anything on the internet that you are not willing to share with the world.
Amichai Shulman, CTO of Imperva

And, of course, my advice is ‘dump Facebook’.

Imperva

Categories: All, Vendor News
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s