Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Posts Tagged ‘facebook’

Facebook Security Flaw


The New York Times is reporting that Facebook said today an attack on its computer network led to the exposure of information from nearly 50 million of its users.

Facebook said it discovered the breach earlier this week, “finding that attackers had exploited a feature in Facebook code that allowed them to take over user accounts.”

The Times reports that Facebook said it did not know the origin or identity of the attackers, nor had it fully assessed the scope of the attack, and is in the beginning stages of its investigation.

Here’s Facebook’s detailed explanation of the exploit and the actions it says it has taken:

Our investigation is still in its early stages. But it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens which they could then use to take over people’s accounts. Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app.

Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.

Second, we have reset the access tokens of the almost 50 million accounts we know were affected to protect their security. We’re also taking the precautionary step of resetting access tokens for another 40 million accounts that have been subject to a “View As” look-up in the last year. As a result, around 90 million people will now have to log back in to Facebook, or any of their apps that use Facebook Login. After they have logged back in, people will get a notification at the top of their News Feed explaining what happened.

Third, we’re temporarily turning off the “View As” feature while we conduct a thorough security review.

This attack exploited the complex interaction of multiple issues in our code. It stemmed from a change we made to our video uploading feature in July 2017, which impacted “View As.” The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.

The Times went on to write that:

One of Facebook’s most significant challenges has been convincing its users that it is responsible enough to handle the incredible wealth of data the company handles. More than 2 billion people use Facebook every month, and another two billion separately use WhatsApp, a messaging app owned by Facebook, and Instagram, the Facebook-owned popular photo-sharing app.

You know the drill. Check your password, change it, etc., ad nauseam, ad infinitum.

Written by turbotodd

September 28, 2018 at 12:22 pm

Posted in 2018, cybersecurity


A Social Bill on Capitol Hill?


Happy hump day.

Well, I didn’t have the opportunity to watch all of the Senate hearings where our illustrious senators grilled Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey.

For Google, there was an empty chair, as Larry Page opted not to show or send a representative.

From what I’ve gathered thus far, the two executives told lawmakers they feel they are better prepared to combat foreign interference on their platforms.

The Washington Post reports that Sandberg said "We were too slow to spot this and too slow to act. That’s on us. This interference was completely unacceptable. It violated the values of our company and of the country we love. We are more determined than our opponents and we will keep fighting."

Dorsey, on the other hand, explained that "We found ourselves unprepared and ill-equipped for the immensity of the problems we’ve acknowledged. Abuse, harassment, troll armies, propaganda through bots and human coordination, disinformation campaigns and divisive filter bubbles — that’s not a healthy public square."

One highlight of the hearing occurred when a female protester stood up at the back of the hearing room towards the end of the session.

To overshadow (err, physically shadow ban?) the protester, Rep. Billy Long of Missouri launched into full auctioneer filibuster mode until such time as said protester could be removed from the hearing room.

God, how I love the U.S. Congress.

We can probably start the countdown on how long it takes for a social media or overall Internets regulation bill to roll down Capitol Hill.

Schoolhouse Rock, everybody….

https://www.youtube.com/watch?v=tyeJ55o3El0

Written by turbotodd

September 5, 2018 at 2:15 pm

Facebook Deletes 600+ Accounts Linked to Influence Campaigns from Iran and Russia


Happy Thursday.

Facebook has once again removed multiple pages, groups and accounts for coordinated inauthentic behavior on Facebook and Instagram.

The company indicated that “some of this activity originated in Iran, and some originated in Russia.”

The Verge reported that Facebook took down 652 fake accounts and pages that published political content, the existence of which was first uncovered by the cybersecurity firm FireEye.

“These were networks of accounts that were misleading people about who they were and what they were doing,” CEO Mark Zuckerberg said in a call with reporters. “We ban this kind of behavior because authenticity matters. People need to be able to trust the connections they make on Facebook.”

Separately, CNBC is reporting that Apple has removed Facebook’s Onavo security app from the App Store because it does not comply with its privacy rules.

Citing a Wall Street Journal story from Wednesday, CNBC reported that Apple officials told Facebook that Onavo violated the company’s rules on data collection by developers, and suggested last Thursday that Facebook voluntarily remove the app.

Facebook acquired Israel-based Onavo in 2013, snapping up the free security app that lets users access a virtual private network, or VPN, to browse the web and download apps with a greater degree of privacy. Facebook in the past has offered that service to users without clearly disclosing that it owns the app, and has collected data about what other types of apps those customers use.

Written by turbotodd

August 23, 2018 at 9:55 am

Posted in Uncategorized


Well That Was Quick


Well it was just yesterday that The New York Times was reporting it looked as though Facebook might be making new inroads into the Chinese market.

Then, overnight, the Times further reported that a Chinese government database, which had shown Facebook had gained approval to open a subsidiary in Zhejiang province, no longer had a record of the registration.

Now the approval has been withdrawn, according to a person familiar with the matter who declined to be named because they were not authorized to speak on the record.

And the Times wrote that the move doesn’t bode well for Facebook’s Chinese renaissance:

While the about-face does not definitively end Facebook’s chances of establishing the company, it makes success very unlikely, the person said. The decision to take down the approval, the person added, came after a disagreement between officials in Zhejiang and the national internet regulator, the Cyberspace Administration of China, which was angry that it had not been consulted more closely.

Facebook back in China?  Don’t hold your breath.

Written by turbotodd

July 25, 2018 at 10:49 am

Posted in 2018, china


Didja Delete Your Facebook Yet?


People around the globe are having a crisis of conscience.

Do I delete my Facebook account or do I not?

Even Hamlet didn’t have to contend with such an existential crisis.

Get a grip and some perspective, people.  Take a deep breath, and…one….hold…and two….

And then, if you’re really, really concerned about whether or not the privacy trade-off is worth keeping up with the virtual Joneses, Techpinions did some fast research of 1,000 Americans about their feelings and actions re: Facebook post-Cambridge Analytica.

The big takeaways:

  • 17% of respondents said they deleted the Facebook app from their phone over privacy concerns
  • 35% said they were using Facebook less than they used to over the privacy issue
  • 39% said they were “very aware” of the Cambridge Analytica scandal, while 37% said they were “somewhat aware.”
  • 9% reported deleting their Facebook account altogether

So, according to that report, nearly 1 in 10 have said “sayonara” to Facebook. 

For those who stayed, there’s the question of perhaps making more use of Facebook’s already-extensive privacy controls.

Facebook VP of global marketing solutions, Carolyn Everson, spoke at The Wall Street Journal CEO Council in London, and indicated that “we have not seen wild changes in behavior with people saying I’m not going to share any data with Facebook anymore,” and that Facebook users largely haven’t changed their privacy settings in the past four weeks since the Cambridge story broke.

If you don’t want to break up with Facebook, but you’d like to exert more control over how your information is used there, check out this guidance from ZDNet.

It’s like getting your PhD in Facebook privacy!

Written by turbotodd

April 13, 2018 at 9:49 am

Posted in 2018, facebook, privacy


I Can’t Get Rid of My Friends!


Okay, Mark Zuckerberg probably had a less rosy day on Capitol Hill yesterday in front of the House, but overall, I would have to say he acquitted himself well.

As for that whole thing I mentioned in an earlier post about the Senators and Congresspeople hopefully being well briefed by their staffs…well, you could tell from the questioning either A) that didn’t happen or B) the Senators and Congresspeople just didn’t have the depth of knowledge necessary to follow up with thoughtful and probing interrogatory.

Facebook definitely won this round.  Ding ding!

But tech journalists who *do* have some technical chops continue to probe around the edges to find privacy and related holes in Facebook’s business model and capabilities.

Brian Chen, a New York Times technology journalist, recently downloaded his full data from Facebook using a tool Facebook has made available to the public.

Chen noted in the piece that his Facebook profile is “sparse” and that he rarely posts anything on the site, and seldom clicks on ads.

And yet within a few clicks of looking through the data, he “learned that about 500 advertisers — many that I had never heard of, like Bad Dad, a motorcycle parts store, and Space Jesus, an electronic band — had my contact information, which could include my email address, phone number, and full name.”

Welcome to Mark Zuckerberg’s closet, Brian.

He also learned that an index file contained the 764 names and phone numbers of everyone in his iPhone’s address book, which Facebook had uploaded when Chen was setting up Facebook Messenger.

Welcome to Mark Zuckerberg’s garage, Brian.

He indicated that Facebook “also kept a history of each time I open Facebook over the last two years, including which device and web browser I used. On Sundays, it even logged my locations, like when I was in a hospital two years ago or when I visited Tokyo last year.”

Welcome to Mark Zuckerberg’s attic, Brian.

But, Chen wrote, what really got his goat was the data he “had explicitly deleted but that lingered in plain sight.”

He indicated that on his friends list, Facebook had a record of “removed friends,” a dossier of the 112 people he had removed along with the date he had clicked the “unfriend” button. Why should Facebook remember the people he cut off from his life?

Because, Brian.  

It’s Facebook, and that’s what Facebook is and that’s what Facebook does.

And that’s what you, me, and 2 billion other people on the planet signed up for.

Welcome to Mark Zuckerberg’s mansion, Brian.

Written by turbotodd

April 12, 2018 at 9:31 am

Posted in Uncategorized


You Thought You Had a Bad Tuesday


You thought you had a bad Tuesday?

You weren’t sitting in front of a bunch of hot lights and a swarm of photographers before a joint session of the Commerce and Judiciary committees on Capitol Hill.

Mark Zuckerberg, founder and CEO of Facebook, was, and judging from coverage of his “performance,” he was a calm and cool customer, absorbing jibes, barbs, and other commentary and questions from a Senate with a wide range of perspectives (No report I’ve seen yet as to how many of the senators had taken campaign contributions from his inquisitors).

The Verge did a nice job of breaking down some of the key issues raised, and who raised them.

  • Sen. Lindsey Graham (R-SC) asked about Facebook’s monopoly power (As in, IS Facebook one?). Zuckerberg: “It certainly doesn’t feel like that to me.”
  • Multiple senators raised the issue of whether Zuckerberg might consider a paid, ad-free version of Facebook. Zuckerberg said it was possible, but that there would always be a free version.
  • Leaning on AI to improve moderation on the platform: Zuckerberg “invoked the promise of AI to help Facebook quickly sort through hate speech and other problematic posts.”

In terms of actionability, Zuckerberg referred repeatedly to changes in the product that will better prevent data leakage and make privacy shortcuts easier to find, as well as restrict data shared with developers.

Will it be enough to keep regulation and/or legislation at bay? Doubtful. On the other hand, I hardly see a pro-regulatory government about to completely throw the book at one of the world’s most successful Internet companies.

So I’ll quote from that bastion of Congressional wisdom, Schoolhouse Rock’s “I’m Just a Bill”:

I’m just a bill
Yes I’m only a bill,
And I got as far as Capitol Hill.
Well, now I’m stuck in committee
And I’ll sit here and wait 
While a few key Congressmen discuss and debate
Whether they should let me be a law.
How I hope and pray that they will,
But today I am still just a bill.

Written by turbotodd

April 11, 2018 at 8:58 am

Posted in 2018, facebook, legislation, privacy

