On Monday, Facebook announced that they are teaming up with cyber-security company Websense in a move to keep Facebook users safer from sites that are known to be untrustworthy.
According to TechCrunch,, if a friend's account posts a sketchy link that claims, for example, to let you see who's been checking out your profile, Websense's system will instantly run a check on that link if you click on it. Websense is able to tell if a site is malicious even if the system has never encountered that particular URL before. If the link is deemed suspicious, a dialogue box pops up telling the user why the site could be dangerous and encouraging them to “Return to previous page.” If, after being warned, the user still wants to check out the site, they can simply choose to ignore the warning and proceed to the page.
Good Facebook security controls are especially important for organizations that employ people who access Facebook at work. According to Websense’s data, 52 percent of companies have reported increased malware attacks because of social media use by employees. However, only 29 percent of companies say they have the necessary protections in place to combat these attacks. Apparently, companies have left much of the safety leg-work to Facebook, a company which has been criticized for not doing enough to protect its users' security.
In May, Facebook announced a raft of new security measures including protection against clickjacking (tricking people into clicking on links), login approvals, and a partnership with cyber-security company Web Of Trust, which offers a free add-on that uses crowd-sourced information to determine a website’s trustworthiness. Under Web Of Trust's method, each website gets a ranking, which appears next to the website title in the search results page. The partnership gave Facebook access to Web Of Trust’s bad site blacklist to add to their own list of dangerous sites.
However, when these new security measures was announced, The Register called Facebook’s security controls “outstandingly mediocre.” Paul Ducklin, Head of Technology at Cyber-security firm Sophos, accused Facebook of not going far enough to protect their users. In a statement on the Sophos blog, Ducklin said he was dubious about the effectiveness of Web Of Trust and felt that the clickjacking protection and the login approvals were too weak. “After all,” he wrote, “Facebook's revenue doesn't come from protecting you, the user. It comes from the traffic you generate whilst using the site.”
The announcement of beefed up security controls, thanks to the Websense partnership, comes at a time when suspicion of Facebook’s motives is high. Tech News World reports that a group of privacy and consumer groups have already written to the Federal Trade Commission with security concerns over Facebook's new Timeline profile feature. According to Reuters, Irish regulators are also preparing a probe into the Timeline's "frictionless sharing," which more publicizes app use and may employ controversial tracking methods.
As the debate over Facebook's Timeline rages, users can at least find comfort in the fact that Facebook's stepped up its policing of potentially malicious links within the social network.
Take a look at our slideshow of the 9 most common Facebook hacks and attacks every user should look out for.