Potential dangers of Facebook apps
Another potential threat is the Facebook API, which allows developers to create applications that run on the Facebook platform. Facebook doesn't vet and isn't responsible for any such applications, and warns users to do this at their own risk.
As Verisign (and several other high-profile security firms) has warned, that API could provide an opportunity for malware creators. We've seen malware targeting MySpace users, and Facebook equivalents can't be far behind.
The real danger, though, isn't technological. It's users' lack of attention to privacy. As hackers know, there's a hard and an easy way to do everything. Attempting to hack into a corporate mainframe is the hard option. Phoning up, pretending to be the IT department and getting an employee's login details is easier.
It's the same with social networking. While it's no doubt possible to write an application for Facebook that steals user data, it's much easier to browse people's profiles to get what you need. And if you're on the same network as someone, or they've added you as a friend, then those details are just a click away.
As emailers, bloggers and now social networkers have discovered, you can't always control who sees your electronic outpourings. As social networking evolves and users connect to old friends and financial directors alike, more people will learn the hard way that it isn't always wise to put your life online.
Taken from issue 230, out 28 August.
The Facebook test: can we steal someone's ID?
Our victim has a Facebook account. Their profile gives us his full date of birth, home town, email address and his wife's name. We can now get his home address and phone number from 192.com via the electoral roll. Knowing his wife's name means we can narrow down the list of names to find the right one.
We have lots of other information too. Over at LinkedIn , we find his eductaional and employment history. So with this we can can apply for a credit card, and his list of interests on Facebook means we can have a go at guessing passwords.
Some banks are waking up to this. Many mainstream lenders have dumped the 'what's your mother's maiden name?' questions from their online banking services. Others are issuing customers with chip and PIN readers. But while such moves can help prevent people from accessing accounts, they might not stop fraudsters from setting up new ones.
