Facebook increases user security with mobile phone codes, community block lists

In a May 12 post on its security page, Facebook announced it is partnering with community site rating service Web of Trust (WOT).

WOT maintains a database of “safe” and “unsafe” sites based on other users’ experiences on the web. The partnership will help Facebook identify “potentially abusive” sites and enable them to warn users who attempt to visit those sites from Facebook.

A second security issue that received attention in Facebook’s post is Clickjacking.

“Spammers sometimes take advantage of a vulnerability in the web browser to try to trick people into clicking on links they might not want to click on,” explained Facebook. “This is called clickjacking, and it’s done by overlaying the link with something more enticing, like a phony offer.”

Clickjacking has often been used on Facebook to trick people into “Liking” a page that then spams their page with additional links.

Facebook notes that it has improved its systems to alert people of these scams and added that “when we detect something suspicious, we’ll ask you to confirm your like before posting a story to your profile and your friends’ News Feeds.”

Login Approvals will also be used by Facebook to prevent unauthorized access by third parties.

Facebook users who often login to the site from a public computer and are concerned about the security of their account can opt for Facebook’s two factor authentication system.

“If you choose to use it, whenever you log in to Facebook from a new or unrecognized device, we’ll require that you also enter a code we send to your mobile phone via text message,” said Facebook.

Google implemented a similar feature for Google Apps users in late 2010.

Security company Sophos said “this latest announcement is a welcome sign, since some of the new security features prevent or actively discourage you from doing certain things on the Facebook network” in a post on their Naked Security blog. However, the company also questioned if the new security features go far enough to protect users.

Tips on keeping your Facebook account safe can be found on Facebook’s Security Page.

http://www.facebook.com/notes/facebook-security/keeping-you-safe-from-scams-and-spam/10150174826745766

http://nakedsecurity.sophos.com/2011/05/13/facebook-announces-new-security-features-but-do-they-do-far-enough/