Friday, May 15, 2009

Facebook Applications Should be Raising Big Security Concerns for Users


A trusted friend of mine recently sent me a Quiz request. Just out of curiosity, I decided to go ahead and see if I would find any security issues with this particular quiz.

Aha, a "bonus question". Looks innocent enough, and because many of my friends have a great sense of humor, I'll bite :)

D'oh! Burned again!

Results URL:

Don't blame your friends, folks. I expect Facebook to be more vigilant than to allow unscrupulous apps to weasel their way into their system.



So, the latest rage in Facebook applications appears to be the Quiz. "What's your purpose in life?", "What are you destined to do?", "What kind of flower are you?", and on and on... they are seemingly endless in number, most likely because anyone who clicks through to take one (because they've seen another FB friend's results in their "stream") is greeted with the option to create their own.

Nice! Now anyone can create a quiz that may or (more likely) may not be anywhere near the truth depending on how you answer. And the reason? Money of course. Not for the creator of the quiz, but for the creator of the Quiz Application platform, and for Facebook too, if that's even possible as they've had a terrible time thus far making money off of anything they've tried. See: "Facebook has no business model".

So, because of all this, I generally ignore the quizzes. HOWEVER, there is a much more important reason that avoiding these types of quizzes on Facebook may just save your hide. Observe. And FYI, I am using Mozilla Firefox 3.0.10 on Windows, with the Web of Trust (WOT) Firefox add-on.

So, here goes.

In my stream, I see a quiz a friend has taken that grabs my attention:

I click on "Take this quiz", agree to add the application with all its disclaimers, and am presented with the first set of questions.

OK, let's go... but wait, at the bottom. What's that?

Hmmm, it seems as though one of my FB buddies has taken another quiz, and has not only scored well, but has decided to do some trash talking to get me into a little competition. Since I have a few "Mikes" on my FB, I decide to hit them up to give them a little back, all in good fun, right?

Lo and behold, to my (utter lack of) surprise, not only weren't they baiting me, they had never taken any such quiz on Facebook. Ever. So... now I'm intrigued. Out of my natural curiosity for all things people/technical, and being confident of warding off many kinds of web-related attacks, I'm all for clicking that link. And I do. And here is where WOT steps in to prevent me from stepping in someone's crap that Facebook apparently endorses (or at least tolerates).

I've unwittingly been taken to a web site with all kinds of security problems including reports of Spam, Popup Ads, Fraud, Scams, and Phishing. Please read for yourself here:

For shame, Facebook, for allowing such unscrupulous marketing to find its way into your most popular applications. I, for one, certainly won't be taking any more of your quizzes, and will be hard-pressed to install any future applications without doing some investigative research beforehand.
