Social engineering and social media | SC Media

October 14, 2011
I usually tiptoe carefully around false positive (FP) issues. I understand why people sometimes get infuriated by a high-impact, high-profile FP, but I also know that FPs are, to some extent, inevitable, that low-impact FP events happen all the time (a bit like those earth tremors that are below the threshold of a human being's natural sensors), and that the real marvel is that in a highly pressured industry like anti-malware, it doesn't happen more often.

So I probably wouldn't normally comment on Symantec's inadvertently blocking access to Facebook, or if I did, it would be with sympathy. I couldn't help but be amused, though, at a comment I saw on a private mailing list (hence, no attribution) suggesting that this is actually a correct detection of a site that leaks your private information across the entire internet, rather than Symantec's Facebook facepalm.

It's an amusing thought, but with a slightly bitter aftertaste. As Ira Winkler remarked at RSA Europe last week, "People don't realize what they are putting out there ... Computers are making people easier to use every day." Though perhaps a suit filed the same day in Mississippi accusing Facebook of violating wiretap statutes, breach of contract, unjust enrichment, trespassing, and invasion of privacy is symptomatic of a wider scepticism and a not altogether unhealthy paranoia. (I hope, speaking as a professional paranoid.)

The Register's Dan Goodin links the suit (chronologically, at any rate) with a blog post by Nik Cubrilovic highlighting the fact that Facebook could use persistent cookies to identify (some of) your footprints on the web even after you'd logged out of Facebook.

While Facebook has subsequently addressed the issue (see here and here) to some extent and will probably dodge the class-action bullet, the ease with which it slips into the role of Cookie Monster remains discomfiting.
