Facebook Announced the launch of some new security features today.
First off, Facebook announced a partnership with Web of Trust, a tool that tells users what sites can be trusted, based on ratings from community members. “Facebook already has a system that automatically scans links to determine whether the websites associated with those links are spammy or contain malware,” Facebook security engineer Clement Genzmer says. “This partnership will help us improve our system by providing additional bad links, and in the coming months, we expect to massively increase our coverage even more by working with other industry leaders. You can become a part of this commmunity too by using the Web of Trust add-on, and leaving your own ratings.”
Facebook has also implemented new “clickjacking” protection. “Spammers sometimes take advantage of a vulnerability in the web browser to try to trick people into clicking on links they might not want to click on. This is called clickjacking, and it’s done by overlaying the link with something more enticing, like a phony offer,” Genzmer says. “We have built defenses to detect clickjacking of the Facebook Like button and to block links to known clickjacking pages. Recently, we improved our systems to also alert people if we think they’re being tricked. Now, when we detect something suspicious, we’ll ask you to confirm your like before posting a story to your profile and your friends’ News Feeds.”
Facebook has also implemented protections to prevent attacks from spammers that ask people to copy/paste malicious code into their address bar, which causes the browser to do things the spammers want it to. When a user tries to paste the code, Facebook will ask the user to confirm that they really want to do it, and tell them whey they should reconsider.
The company is working with “the major browser companies” to fix the issue that lets spammers do this.
Finally, there are now login approvals, which consist of a two-factor authentication system announced last month. ” If you choose to use it, whenever you log in to Facebook from a new or unrecognized device, we’ll require that you also enter a code we send to your mobile phone via text message,” says Genzmer. “If we see a login attempt from a device you haven’t saved, you’ll be notified upon your next login and asked to verify the attempt. . If you don’t recognize this login, you’ll be able to change your password with the knowledge that while some one else may have known your login credentials, he or she was unable to access your account or cause any harm.”
Did you hear the one about Facebook hiring a PR agency to launch a smear campaign against Google’s privacy practices? Interestingly, that seems to be catching more of the media’s attention than Facebook’s actual security features.
How about the one where Facebook deleted somebody’s profile for sharing a name with the company’s CEO?