Facebook is taking over the world. Fact. Half the world’s population have an account. Even dead people are still signed in as users! It has become a key source in many people’s day-to-day lives. Millions of people’s emails, dates of birth and other information are stored in the Facebook database. It is quite natural, then, that they want the safest, most tightly sealed and most secure website ever. They need a secure website, or else they risk the wrath and anger of millions of people with stolen data and, most importantly to them, the loss of billions of dollars. In fact, they are so concerned about security that they are spending money on getting experts to find and resolve security bugs.
Not only do they need to protect their users’ information, they also need to protect their code. Programmers know how important code is. It’s what makes your website, applications and web pages run. An attack on this code, or a hack, can break not only the website but the company’s reputation as well. We all know that Sony fell victim to this multiple times earlier this year. It’s something Facebook does not and cannot let happen. They are offering web experts $500 for each bug, error or loophole they find. One man has even earned $7000 helping locate and explain issues. This all started when Facebook established a method of handling bug reports in 2010. With people testing the code and security, Facebook had to promise not to take legal action against any person who found or sought out bugs, but rather to thank them for bringing the issue to their attention and giving them the chance to address the problem in question. A natural way forward, and a way to get experts engaged in this security effort, was to pay them for their trouble and aid. The idea of money may be enough to entice these experts to play ball and side with Facebook.
There’s A Loophole In The Loophole Resolution
Graham Cluley, senior technology consultant at Sophos, has voiced concerns though.
“They’re specifically not going to reward people for identifying rogue third party Facebook apps, clickjacking scams and the like,” he said. “It’s those sorts of problems which are much more commonly encountered by Facebook users and have arguably impacted more people.”
Facebook is laden with apps. Whether they are games like Bejeweled or tools like TweetDeck or HootSuite, these all use the Facebook API and have access to data. This means these apps and their code could carry harmful bugs, openings for attack and even security holes. But with attention being paid only to the official Facebook code, these problems could go unseen, which could cause irreparable damage to the company.
He is also concerned that less morally guided web experts may sell security bug information to criminal underground gangs for more money than the dainty reward of $500 from Facebook. It is possible that some companies or criminals would pay good money to get their hands on data explaining the world’s biggest website and its flaws. Illegal spam advertising is common on Facebook, and the people behind it may be willing to pay over $500 to get their hands on the data. He goes on to say:
“Facebook should consider setting up a “walled garden” that only allowed vetted applications from approved developers to connect to the social networking site. Facebook claims there are over one million developers on the Facebook platform, so it’s hardly surprising that the service is riddled with rogue apps and viral scams.”
Key Take Away
With Facebook establishing an ever-increasing iron grip on its data, code and access, what does this mean for third party apps? Only time will tell. Hopefully they realise that all code which has access to the mainframe should be secure and reliable, making Facebook the only impenetrable fortress on the web.
~Articles mentioned in this post: http://www.bbc.co.uk/news/technology-14715442
~Image source: http://www.flickr.com/photos/lwr