Are you looking for my non-technical blog?

This is now my technical-only blog, my non-technical blog is here.

28 October 2008

FPS - Facebook Prevention System

I received a message in my Facebook account today from one of my contacts, with a malicious URL in it. The messages title is, "Youu're the wwhole shhow! i'm admirred wiith you" by the way. So take care.

I am not pretty sure how those Facebook worms normally work. One possible scenario is that there are some bots which try to guess people's Facebook passwords, and then start hacking into their accounts and send malicious messages on behalf of them. One other scenario is that attackers were able to guess the Facebook's users temporary Session Keys, and make use of the Facebook platform and API's to send malicious messages on behalf of the users. In fact, the second scenario is really scary, as users cannot protect themselves by choosing stronger passwords, or making sure they have no malicious applications installed on their PC's that can steal their passwords. But the good news here, is that facebook didn't announce any vulnerabilities in their system yet, so most probably it's the first scenario rather than the second one.

Anyway, I am writing this article to tell you, since Facebook has gained such huge momentum and almost everyone is using it. Why don't security companies start inventing new security applications on top of it.

We've got AntiSpam and Mail Gateway Security Solution for Email. So, may be some day we may see Facebook Applications that are able to check the content of your Inbox and decide whether the messages you receive are Spam, or not. We may see applications monitoring your Status Updates, sent Messages, and Friends Requests, and inform you when it notices any anomalies in such activities and warn you or even stop those anomalies.

But the point is, emails now are essential to business, so the business model for building security applications for emails is justified. But when it comes to Facebook, it's just users like you and me, who refuses to pay money for their desktop antiviruses, and either get cracked versions of them, or wait for their companies to purchase one and deploy it on their company-owned laptops. Also securing Facebook accounts is mainly the responsibility of Facebook Inc, and those guy are forced to protect people's accounts, or else people will find an alternative social network application and start using it instead.

Anyway, all those dreams and business model theories depends on the following:
How essential is Facebook in people's daily life, and may be to business as well (some may claim that they use it for networking and maintaining relations with their customers and business partners)? Are people really willing to pay money in order to protect their accounts? Will Facebook team deploy some extra security measures and charge people for those solutions (Security as a Service)? Will they just deploy those methods for free in order to make sure they do not loose customers? Is there someone really is willing to build such FPS - or let's better call it Facebook Intrusion Prevention System (FIPS) - and sell it to people?

But finally, away from all that crap I've just written above, please, please, please, I do not want to see more torturing and annoying CAPTCHA's, as some people believe they are the only way to fight spam and bots. While for me CAPTCHA's are an AntiUser solution more than an AntiSpam one.

Tags: , ,