The middle of August was marked by several reports of Facebook security issues, all of them quite scandalous. Even though they didn\u2019t cause any catastrophic consequences for the users, they should not be underestimated. They are another reason for talking about the safety (or hazards) of social media from the point of view of corporate network administrators.<\/p>\n
Before discussing specific incidents, we have to note that the world\u2019s largest social networks were originally designed for collaboration and information exchange within a fairly narrow selection of people (such as Facebook and Livejournal). Then, the growing resources reached the point when the scope of social media became almost identical to the scope of the whole Internet. A few years ago social networks were most likely a problem for commercial companies (employees spent too much of their working time on social networks so it was easier just to ban their use altogether). But, commercial companies have recently been trying to use the popular resources to promote their products and brands. This duality does not make the lives of system administrators any easier.<\/p>\n
\u00a0<\/p>\n
Chapter One. The weird lines on Zuckerberg\u2019s wall<\/b><\/p>\n
Unemployed Palestinian information security expert \u1e30halil Shreateh found<\/a> a serious flaw in Facebook which allowed posting messages on the wall of any user of the social network, ignoring whatever limitations were enabled. He made \u200b\u200bseveral attempts to inform the support team of Facebook about the bug but eventually he had to post a message on the wall of Mark Zuckerberg<\/a> so that the technical support would realize that they were dealing with a software error.<\/p>\n At that point, Shreateh\u2019s account was blocked and later they restored his access to Facebook but refused to pay the promised fee of $4,000 for the found vulnerability, referring to \u1e30halil\u2019s violation of the rules of the user agreement and of bug report registration.<\/p>\n \u1e30halil was thoroughly hurt and promised to sell information of a possible vulnerability on the black market next time. Given the popularity of Facebook, his supply would meet the highest demand ever.<\/p>\n How did it end? Facebook exuded odd inflexibility when dealing with an enthusiast who wanted to help, even though it was all over payment for the find. The story gained wide public attention \u2013 the worst publicity for Facebook, especially for benevolent enthusiasts and malicious hackers. Enthusiasts saw it as a sign that working with Facebook is worth nothing but social responsibility, and hackers got another reason to look for any serious breaches in Facebook and use it against the most popular social network in the world. Who will suffer in the end?<\/p>\n Surely, the users will.<\/p>\n \u00a0<\/p>\n Chapter Two. Mass disabled applications<\/b><\/p>\n In late August a great number of legitimate applications written by third-party developers for Facebook were disabled. In addition, the accounts of the developers were blocked<\/a>.<\/p>\n On August 13, the official developers blog posted an explanation<\/a> about why some applications for Facebook and developers\u2019 accounts were suspended without warning.<\/p>\n \u201cThe Facebook Platform and our users are constantly under attack from malicious apps and we have many automated systems to protect the platform and our users. Occasionally we detect an attack that requires us to augment those automated systems. Specifically, we identify a malicious pattern, find all the apps that match that pattern, and then disable those apps. This normally results in thousands of malicious apps being disabled and improves our automated systems\u2019 ability to detect similar attacks in the future,\u201d wrote the author Eugene Zarakhovsky. According to him, on August 13th, they started with a broad pattern that correctly matched thousands of malicious apps but, unfortunately, also matched many high-quality apps \u2013 the system disabled a large number of legitimate third-party apps as malicious.<\/p>\n \u201cWhen we detected this error, we immediately stopped the process and began work to restore access. The process took longer than expected because of the number of apps affected and bugs related to the restoration of app metadata,\u201d Zarakhovsky wrote.<\/p>\n As a result, the technical support services of Facebook promised to revise their methods and technologies in order to minimize the possibility of similar incidents in the future.<\/p>\n \u201cWe understand that incidents like these are disruptive to your businesses, and we sincerely apologize for the inconvenience,\u201d Zarakhovsky wrote.<\/p>\n There are lots of malicious applications written for Facebook. That is a well-known fact. And cybercriminals try to use the popularity of the network for their own purposes. Any popular service is bound to become a target for cybercriminals, the more people use the service, the more people want to use it to spread malware and other unpleasant items.<\/p>\n