Control Your Info has taken administrative rights to hundreds of groups on Facebook this morning, which is going to prompt a stampede of fear across the Facebook landscape. From the standpoint of social networking security, this is going to be a bad day for many groups on Facebook.
The group Control Your Info took over a large number of groups overnight (some reports say upwards of 300) to highlight the security issues with the Facebook system and the administration of pages.
That, of course, means that the people who use those Facebook pages are not happy about what is being done to their pages; the comments from the subscribers are priceless.
We can talk about the security of systems, but in the end, we are dealing with a messy, human-designed system where security is not going to be job one. Facebook security is tending to become the Achilles’ heel of the web site, much as Aaron Greenspan proposed on CNET back in February 2008. We are seeing more and more issues like this coming from Facebook, including the simple-to-fix but dreaded crossdomain.xml file, which has also been talked about since 2008. These things are not new. We know about them, but major web sites are quietly accepting easy-to-fix, high-risk implementations of information security that are putting millions of people and their business models at risk.
While it is possible to get hold of Facebook security, you have to wonder what their web penetration team (if they have one) is doing. Are they taking huge lunch breaks, or are they simply ineffective? I would vote for ineffective right now, because many of the hacks that are being exploited today were talked about last year. If it takes a year to fix something very simple, then there are issues with the internal security group, and there are structural issues with the organization as a whole. It took the fear of predators and children to bring down MySpace; it will be the fear of hackers that brings down Facebook eventually, unless they somehow manage to get it together and start taking a serious, systematic approach to information security.
Beyond the fake, scammy games, beyond the hackers, and beyond the predator issues that also crop up on Facebook, Web 2.0 needs to get security right. These sites are dealing with a lot of private information, and they are dealing with people who trust Facebook to do the right thing and help keep them safe while using the web site. At this point, we have to question whether Facebook can get this right, or whether they need to find a highly competent security team that will tear the web site and code apart and then help Facebook put it back together again. There are some awesome companies that will help do this, and it is time that Facebook got serious about security and about their reputation.