Facebook’s Security Weaknesses Spell Downfall

According to Facebook’s chief security officer Joe Sullivan:

“You can’t expect security to be perfect”

Facebook recently celebrated its 10th birthday. The decade has seen Facebook evolve from a teenager’s whim to a global phenomenon that is powering the world’s ideas and businesses.

Facebook has our passwords, addresses, our food preferences, our friend circles, our family trees, our favorite movies, our weekend jogging patterns and even favorite clubs! Your Facebook profile is a digital painting of your identity.

Anybody with access to your Facebook profile can infiltrate your life to cause damage to you or your Facebook contacts. Information is power, and if the right information is used the wrong way, there is no limit to the damage that can be caused.

 

Facebook Reveals Approach to Data Security

On the 19th of March this year, Facebook decided to show the world what it is doing to secure Facebook users’ data.

The highlight of the presentation was the fact that Facebook has pumped up its encryption from 1024-bit to 2048-bit RSA. That is beyond military-grade, and it would take all the computing power in the world the rest of the universe’s life to break.

However, the change has not been implemented across Facebook’s entire network, and an implementation of the boosted encryption on Facebook’s data centers is still in the pipeline.

 

Everybody Wants a Piece of Facebook

Forget hackers and cyber criminals! Even the NSA wants a piece of Facebook. Mark Zuckerberg is so frustrated with the NSA disguising its servers as Facebook’s servers to steal the public’s data that he actually called up President Obama to complain about it. Zuckerberg later blogged on the subject, stating:

“I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

An example of Facebook’s vulnerability can be found in the strategic hack-attack that targeted Facebook employees in order to capture Facebook data earlier last year. Here is an excerpt from Facebook’s official release on the incident:

Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops.

And do I even need to mention the time when a hacker hacked Mark Zuckerberg’s Facebook account and posted the following from Zuckerberg’s account on Zuckerberg’s own wall:

“First, sorry for breaking your privacy and post(ing) to your wall, I (have) no other choice to make after all the reports I sent to (the) Facebook team.”

 

Facebook’s SSL HTTPS Traffic Encryption is not End-to-End

After 33% of Facebook’s users voluntarily enabled SSL HTTPS, Facebook decided to make SSL HTTPS encryption mandatory for its data traffic. The move was made in response to the increasing threat from tools like Firesheep.

The SSL HTTPS feature was introduced in 2011 and was made a mandatory feature in 2013.

The difference made by the SSL HTTPS encryption does not become obvious until you start using the countless Facebook apps. Apps available on Facebook are usually developed and designed by third parties and have their content embedded on Facebook. In addition, they also require you to share your information as a prerequisite to using the app.

The relevance and impact of the SSL HTTPS traffic encryption go down the drain when you use public WiFi or log in to your Facebook account through an internet-enabled device that doesn’t have VPN coverage.

 

We are Slaves to Social Media

Why are we so comfortable posting/sharing personal information on Facebook? Why do we want to take a picture of every outing and post it on Facebook? Why do we ‘check-in’ to every place we go to through Facebook? We may not know it, but the answer is simple: we trust Facebook.

Facebook has never been hacked. It has never been part of a bad headline, and the number of features available on/through Facebook continues to increase every day. We are more addicted to Facebook than we would like to admit.

 

Conclusion

Your Facebook profile may belong to you, but your identity belongs to Facebook, and to anybody who can get their hands on your Facebook account. Facebook can protect its servers, but you need to protect the data that carries your login credentials.

Judging by Facebook’s response to the Snowden Epidemic (as I like to call it), Facebook is not immune to penetration.

Our reliance on Facebook makes Facebook the ultimate pot-of-gold for hackers and cyber criminals. And Facebook knows this, which is why Facebook has all the more reason to exercise constantly increasing caution.

Octobers are called Hacktobers at Facebook and are spent hack-testing Facebook from every possible angle. Facebook gives its employees prizes if they can find a weakness in Facebook’s code and crack it. But is Facebook really moving fast enough to outrun the hounds at its heels? Or will we all have to use VPNs every single time we use Facebook? We can also use Facebook in China with a VPN.


Danish Pervez

Author

Danish Pervez's Biography:


When the world sleeps, Danish Pervez is online researching consumer preferences and identifying next-gen trend waves. Experience in IT, combined with his diverse expertise in marketing and research - both traditional and digital - gives him an insight well worth reading and sharing.

