Proposed bill gets strict on privacy, gives parents access to kids’ Facebooks
Newly proposed legislation would give parents increased access to kids’ Facebook accounts and also require sites to provide more up-front privacy options.
It’s safe to say Indianapolis bankruptcy lawyer Mark S. Zuckerberg is the second-most famous person named Mark Zuckerberg in the entire world. That didn’t keep Facebook from deleting his account because the social network thought he was impersonating the other Mark Zuckerberg.
Security company Symantec has posted a notification on its blog that reveals a flaw in the Facebook web application API that has allowed apps nearly complete access to users’ accounts. This includes profiles, photos, chat and the ability to mine customer information. Updates below.
Fortunately, says Symantec, these third-party apps may not have realized that they even had the ability in the first place. Facebook has been informed that the issue exists and they have taken ‘corrective action’ to eliminate the vulnerability.
Facebook IFRAME applications, which are embedded web apps, had inadvertently been leaking access tokens to advertisers and analytics platforms. Symantec estimates that close to 100k apps were leaking info.
We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
At this point the leaking of access tokens, which act as keys to user information, to third parties has apparently been corrected by Facebook, but the vulnerability has existed for months. While Symantec does not believe that any of the developers of these applications were aware of their ability to access user data, it is not completely clear if they were or not.
There is no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.
They recommend that all Facebook users who are concerned about the issue change their password immediately. Changing the password will invalidate these tokens and remove a third-party app’s ability to access their profile.
We also recommend changing your password on your Facebook account as a security precaution. The fact of the matter is that this vulnerability has now been fixed, but those access tokens that were issued may still be in the databases of third party vendors. If you do not change your password they still have access to that information.
Now that the vulnerability has been made public, some of these may attempt to take advantage of the extensive access to mine user data or much more. A full explanation of the vulnerability can be found at Symantec’s site.
Update. Facebook has posted an article on its developer blog, acknowledging that it is working with Symantec to improve security. They also state that they are now requiring that all applications use the newer OAuth 2.0 process for obtaining access keys.
Today, we are announcing an update to our Developer Roadmap that outlines a plan requiring all sites and apps to migrate to OAuth 2.0, process the signed_request parameter, and obtain an SSL certificate by October 1.
The new authorization process will remove the older form of authentication that allowed for applications to obtain the authorization keys.
Update 2. Douglas Purdy, Facebook’s Director of Developer Relations, has left this response in the comments below. We are including it in the body of the post to ensure that it is noted by readers of this article.
We appreciate Symantec raising this issue and we worked with them to address it immediately. Unfortunately, their resulting report has some inaccuracies. Specifically, we’ve conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties. In addition, this report ignores the contractual obligations of advertisers and developers which prohibit them from sharing user information in a way that violates our policies. Lastly, as you mentioned, the change we announced today on our developer blog removes the outdated API referred to in Symantec’s report.
As Purdy notes, developers of apps and advertisers working with Facebook are under contractual obligations that prohibit them from using user information in ways that violate Facebook’s policies. This would preclude them from utilizing any information obtained by improper authorization on the part of Facebook’s APIs. It does not change the fact that the information was improperly accessible, a matter which Facebook promptly addressed as soon as it was brought to their attention.
Some 7.5 million Facebook users over the past year were younger than 13, according to a Consumer Reports survey.
The report, made public on Tuesday, is based on a survey of 2,089 members of a TNS interactive consumer panel. Using that sample, the magazine was able to estimate that more than 5 million Facebook users are 10 years old and younger, making up the bulk of the 7.5 million figure. Facebook’s terms of service require users to be at least 13 years old. To join, though, users merely have to enter their supposed birth dates when they sign up.
But Facebook’s screening requirements for minors may be a moot topic. In a statement, Jeff Fox, technology editor for Consumer Reports, said the majority of parents of kids 10 and under “seemed largely unconcerned by their children’s use of the site.”
Reps from Facebook could not be reached for comment.
This isn’t the first time Facebook’s policies on minors have been called into question. A class action suit filed in August in Los Angeles alleged that Facebook’s “Like” button triggered instances in which minors were endorsing products without their parents’ consent.
Facebook now claims nearly a third of all U.S. display advertising impressions with 346.4 billion in the first quarter, more than double what it garnered in the comparable quarter in 2010, according to a new report.
The research, by comScore, estimates that Facebook now has 31.2% of U.S. advertising display impressions, up from 25.9% in the fourth quarter of 2010 and 15.6% in Q1 2010. At the current pace, Facebook will easily surpass 1 trillion impressions for the year.
The total number of U.S. impressions was 1.1 trillion for the first quarter. Facebook’s closest competitor is Yahoo’s network of sites, which claimed 10.1% of the market. Google, which is still relatively new to the display business, had 2.5%. The chart below shows Facebook’s rise since January 2010.

The latest numbers are proof, if anyone needed it, that Facebook’s advertising business is off to a running start in 2011. Facebook’s dominance in the market has prompted it to raise its ad unit prices by 40% according to one report while another speculated that the company’s IPO could be in the $100 billion range next year. Facebook’s business is growing faster than previously thought.
This recent report also notes that AT&T was once again the biggest display advertiser on the web with 19.4 billion impressions or 1.8% of the total market. Number two was Experian with 16.6 billion and 1.1%.