Tag Archives: Facebook

Facebook set to hand over users’ information to third-party advertisers


Facebook will hand over users’ information to advertisers to enable them to advertise more effectively on third-party portals. This will be done through the Atlas platform that compiles data from the social network and uses it on external websites.

This way, if you click ‘like’ on a clothing website, you will begin to see adverts for similar products when you visit other pages.

So, with the data gathered from Facebook a history of likes and preferences is compiled which helps advertisers identify potential customers.

Advertising on Facebook

Until now, advertising on Facebook was done using cookies that registered your ‘likes’ as you visited other Internet pages. So when you were in Facebook you would be shown adverts in accordance with your preferences.

The aim of this latest methodology is to improve the effectiveness of advertising, and to track people’s preferences on mobile devices, which is what Atlas can do through Facebook.

What do you think? Are we losing privacy with these kinds of initiatives?

More | Android users under attack through malicious ads in Facebook

The post Facebook set to hand over users’ information to third-party advertisers appeared first on MediaCenter Panda Security.

Facebook tag – fears over “Faceprints” after genetic match

A young man who got an email from Facebook ‘identifying’ him via a Facebook tag in a series of photographs, which turned out to be of his mother as a young woman, says that the “oddly compelling” incident “opens the door to larger and more difficult questions,” according to a report in The Verge.

Specifically, the incident raises questions over what else Facebook’s algorithms can do.

Clearly in this case, they made an error, Fred Benenson, a data scientist at KickStarter, says, but the inadvertent ‘tagging’ shows off that the algorithm currently in use on Facebook to ‘tag’ photos can, in theory at least, trace people’s families via genetic traits translated into their faces.

“What about the cases where this algorithm isn’t used for fun photo tagging?” Benenson said to The Verge via email.

Facebook tag: What can this technology do?

“What if another false positive leads to someone being implicated for something they didn’t do? Facebook is a publicly traded company that uses petabytes of our personal data as their business model — data that we offer to them, but at what cost?”

NEC’s Neoface biometric software is already being used by police forces in the U.S. and the UK to identify people from video footage, as reported by We Live Security.

Facebook’s photo tagging is currently only used within the site, and is an option the user can control. The site has refused to say how they might use this data in future.

Facebook’s faceprints are already controversial. When Facebook extended the reach of its ‘faceprints’ so it could identify people via profile photos, as well as those they were tagged in, the ‘feature’ was banned in Europe.

Controversial technology

Senator Al Franken said in a press release, “How many Faceprints does Facebook have?” “Presumably, this would lead to a significant expansion of Facebook’s faceprint database. It would also likely capture some of Facebook’s least active users – those who are visible in their public profile photo but are not tagged in any other photos. These people are often less active users who may not be aware of Facebook’s privacy changes. I urge Facebook to reconsider this change.”

Facebook has already extended the ‘reach’ of tagging, by allowing brands to reach into people’s news feeds by ‘tagging’ other brands or celebrities, according to Marketing Land, and thus reaching the news feeds of people who did not opt to follow them.

Benenson’s case shows off, The Verge says, the power of such algorithms to identify people by family affiliation, race, and even regardless of age: if someone has posted a picture on Facebook, the site will be able to identify them years later.

Facebook’s current face-matching algorithm is limited in scope, at least compared to an algorithm unveiled as part of one of the networking giant’s AI research projects.

Deepface was one of these – and can match two previously unseen photos of the same face with 97.25% accuracy – humans can do the same with around 97.5% accuracy, a difference which TechCrunch describes as “pretty much on par”.

Deepface: The alarming ‘next step’

It’s a huge leap forward in the technology, which some see as having potentially alarming implications for privacy.

Although Deepface is a research project, and unrelated to the technology used on the site, it “closes the vast majority of the performance gap” with human beings according to the Facebook researchers behind it (PDF research paper here), and can recognize people regardless of the orientation of their face, lighting conditions and image quality.

Publications such as Stuff magazine describe the technology as “creepy”, saying that were it implemented “in the wild” it should make site users “think twice” about posting images such as “selfies.”

Deepface uses deep learning to leap ahead of current technology – an area of AI which uses networks of simulated brain cells to ‘recognize’ patterns in large datasets, according to MIT’s Technology Review.


The post Facebook tag – fears over “Faceprints” after genetic match appeared first on We Live Security.

Facebook offers a new tool for configuring privacy


As Facebook is always changing, keeping your profile private and secure is a complicated and time-consuming task. Aware that this could put many users off sharing their news with contacts, the social network has developed a new tool to simplify the job.

With this new feature, a friendly blue dinosaur helps you to quickly and simply check which of your contacts can see your latest posts.

To access it you have to click the padlock symbol in the top right of the screen and select “Privacy checkup”.


A dialog box then opens with three simple steps.

How to configure privacy settings in Facebook

  1. The first option lets you control who can see your posts when you update your status from the news section or from the wall. As well as telling you the current settings, you can also change them to suit your preferences.

  2. The next step displays a list of all the applications that can access your profile and information. Here you can also prevent this access if you no longer use the application in question. What’s more, you can see which of your contacts can see posts that the applications publish in your name.

  3. Finally, Facebook helps you check which personal information you’re sharing on your profile: your job, school and college background, where you live … you can add or delete data and restrict access to it.

Although none of these settings prevent Facebook from using your personal information for advertising, they can help you know which contacts can see which posts.

At present this help feature does not include settings for albums or photos as a profile or homepage, which you will have to check directly.

If after meeting Facebook’s new dinosaur you still have questions about the privacy settings of your profile, you can always check our guide.

More | Facebook Privacy Guide


The post Facebook offers a new tool for configuring privacy appeared first on MediaCenter Panda Security.

How to look like an idiot on Facebook and Twitter

Looking like an idiot on social networks like Facebook and Twitter is not too difficult. Many people have achieved this state of being without much thought at all. So c’mon! With a little effort and commitment you can lose your job, get arrested, or alienate your friends! ;)


Here are the top 3 ways you can look like a total nincompoop on social media.

  1. Post rants and other fun messages. Anger is a completely natural, healthy emotion. Some people think it’s a good idea to try to control it so they won’t, for example, drive their fist through the wall or punch their co-worker in the nose. But now, you can release all that pent-up emotion by communicating your feelings on social media!

Like this woman: After being passed over for a promotion at work, an Arizona woman posted an angry Facebook message in reaction. How good it must have felt to let her frustration out. Since she was friends with her co-workers, they all saw it. It said,

“This place is a joke!!! I wonder if I passed up a good opportunity by being at this place. I absolutely hate fake and lazy ppl!!! Ugh, the ones who actually work are the ones to blame??? WTF? #TwistedMinds.”

Those co-workers of hers, not the fake or lazy ones, were sure to surround her with support and encouragement after reading how distressed she was.

Oh. Oops. They couldn’t encourage her. She was fired shortly after that rant.

Here’s an example of a proud daughter bragging about her father. That’s really sweet, isn’t it? Most teenagers complain about their parents, but this Florida girl took to Facebook right away to express her joy about an $80,000 age-discrimination lawsuit her father won from a former employer, a posh private school. She had plenty of classmates at the school who saw the post. She wrote,

 Mama and Papa Snay won the case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.

It’s so nice that a young girl wants to travel in Europe for the summer…all that history and culture…and the food…

Oh. Oops. The school’s administrators and lawyers also got to see her message. The lawyers were not amused, so they invoked the confidentiality order and voided her father’s settlement.

Read more on our blog about dumb things people post.


  • Before posting, take a moment to rethink what you just entered in the newsfeed. Re-read what you wrote before hitting the publish button.
  • Take advantage of Facebook Groups or Google+ circles to make sure your messages get to the right people.
  2. Let it all hang out: Ignore your privacy settings. In the excitement of daily life, it’s easy to forget how many people can read your posts. From co-workers to your mom, even strangers; virtually anyone can read your angry rant, your drunken Tweet, or see selfies of your trip to the mall when you were supposed to be home sick in bed. When I read about this guy, I knew you’d like it too – it’s so cute.

A Florida drug dealer shared a selfie of himself in his car with a wad of cash and illegal drugs in his lap. Through the window of the car, you can plainly see a sheriff’s vehicle pulled alongside. He posted it to Facebook with a comment about how easy it was to deal drugs under cops’ noses. His friends probably got a good laugh out of that, and I’ll bet he got plenty of likes and shares.

Oh. Oops. This guy must not have heard that Facebook has privacy settings, and he apparently didn’t know that he could tweak the settings for Friends only. Since his newsfeed was set to public, that nosy Sheriff’s office was able to see the photos. They must have gotten a good laugh from it, too.


  • Learn about Privacy settings and shortcuts on the social networks you use. This blog post will help you with Facebook, and this one with Google+.
  3. Believe everything you read, and then share it!

Who doesn’t love spending a rainy afternoon watching videos of their favorite celebrities in compromising positions? Rihanna’s sex video, and that crazy Justin Bieber…what will he think of next? Filling out a little survey is no inconvenience. And if you don’t like it, there’s that famous Dislike button you can download for free. Never mind the unwanted toolbar that comes with it!

It is heartening to know that people are concerned about privacy, and many of them shared it with this notification. Too bad it was meaningless.

In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, graphics, comics, paintings, photos and videos, etc. (as a result of the Berner Convention). For commercial use of the above my written consent is needed at all times!…

Unfortunately, sad things are also shared. This past week, 24 million people shared a video that claimed to be the last good-bye from Robin Williams. It is a fake meant to scam people out of their personal data.


Many avast! users were incredulous that this type of scam could still happen, and indeed, this video and others of its ilk are fakes. Cybercrooks use our morbid curiosity to tempt us into clicking on wall posts, videos, and links.


  • If you see anything questionable, don’t click the link. Rather mark the post as spam or click the X to remove it. If you are interested in the subject, search for it on a major search engine and try to find it from a reliable source.
  • Get rid of unwanted games in Account settings > Manage apps.
  • If you do fall for a clever scam, don’t beat yourself up – just change your password, and maybe notify your friends because chances are good you will unknowingly spam their newsfeed.
  • Make sure you keep avast! Antivirus updated, or if you don’t have antivirus protection, get avast! Free Antivirus for your PC or Mac and avast! Mobile Security for Android devices immediately.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Week in security: Nuclear attack, scareware back and traffic-light hack

This week in security news saw two of the scariest targets for hacks ever – nuclear plants and city-wide traffic systems. The stories delivered the goods, too – the traffic-light hack could basically have been carried out by anyone, and could have paralyzed any one of 40 American cities, and America’s Nuclear Regulatory Commission was successfully attacked three times within the past three years, by unknown attackers, some foreign – and largely using standard phishing emails and similar techniques. It is still unknown who the attackers were.

In terms of novel malware, it was a bit of a dry week (always a good thing) bar the return of scareware – this time armed with an even more annoying method of making you pay up.

In Cologne, gamers gathered for Gamescom – and ESET’s Aryeh Goretsky took a look at how gaming has evolved, and cybercrime along with it, with discussions of gold-farming, theft of virtual goods, and how gaming companies are now fully awake to the threat of cybercrime.

Hackers get a “green” for go!

Often, when one reads a paper behind a cybercrime story, it’s disappointing – not so in the case of the novel attack against city-wide traffic systems described by University of Michigan researchers, which is genuinely terrifying. Little skill was required – radios were unencrypted or used default passwords, and control units had known vulnerabilities.

An attacker, like the film’s ‘crew’ on robbery, could control a series of lights to give himself passage through intersections, and then turn them red to slow emergency vehicles in pursuit, according to the BBC’s report.

The researchers at the University of Michigan say that networked traffic systems are left vulnerable by unencrypted radio signals and factory-default passwords, and that access to individual lights – or even a city-wide attack, as in the film – is possible, according to Time’s report.

“This paper shows that these types of systems often have safety in mind but may forget the importance of security,” the researchers write. Technology Review points out that Michigan’s system, which networks 100 lights, is far from unique. Similar systems are used in 40 states.

Scareware II: The return

Over the past months, ‘scareware’ – windows that warn users that their machine is infected, then, ironically, persuade them to download malware – has dropped, says Microsoft, as users wise up.

But a new variant, Win32/Defru, takes a different and simpler approach to tricking the user and making money from it. Basically, it prevents the user from using the internet – it displays warning windows instead of sites. Now that really is cruel.

The malware targets 300 websites, and when a user tries to access them, they instead see the following fake message: “Detected on your computer malicious software that blocks access to certain Internet resources, in order to protect your authentication data from intruders the defender system Windows Security ® was forced to intervene.”

Rogue AV is still found – indeed ESET has been repeatedly ‘honored’ with fake scareware versions of its products, such as when ESET researchers discovered a Trojan packaged to look like antimalware products – but Microsoft reports that in the past 12 months, scareware had fallen out of fashion.

Microsoft researcher Daniel Chipiristeanu says, “Lately we’re seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families. It’s likely this has happened due to the anti-malware industry’s intense targeting of these rogues in our products, and better end-user awareness and security practices.”

Chipiristeanu says that “education” has played a part – but new gangs have simply moved on to new methods to target victims.

Pay for privacy? Yes we would!

Silent Circle, makers of Blackphone, are not smarting overly from their handset’s humiliation, it seems – and their mission to stop everyone spying on us continues. They have support, it seems – a poll of 2,000 people found that almost all of us believe we are being spied on, and about a third would pay to stop it.

Privacy issues have become an increasing concern outside the security community – in part thanks to revelations of government surveillance, as discussed by ESET researcher Stephen Cobb. Silent Circle carried out the survey in May this year, via OnePoll and found that 88% of UK workers believe their calls and texts are being listened to, versus 72% of Germans – it’s not clear by whom.

Nearly a third – 31% – of Germans would pay for a service which guaranteed their texts and calls were not being listened to. In Britain, 21% would do so. Germany is traditionally more privacy-conscious – services such as Google StreetView are not permitted there.

The scandal over Facebook’s Messenger app – and the overstated responses of many media outlets – served to highlight this. Cosmopolitan writes, “Basically, it can control your whole phone. And, most scarily of all, CALL PEOPLE.” Cosmopolitan had not been previously known for its concern with online privacy.

Nuclear Armageddon: Virtually here

A report released by America’s Nuclear Regulatory Commission highlighted how depressingly ordinary cyber attacks can still be effective against even the highest value targets.

The spear-phishing attacks against the Nuclear authority were hardly hacker whizkid territory, but nonetheless, hundreds fell for them.

CNET reports that one incident led 215 employees of the nuclear agency to “a logon-credential harvesting attempt,” hosted on “a cloud-based Google spreadsheet.” The information was obtained through a specific request by NextGov. A second spearphishing attack targeted specific employees with emails crafted to dupe them into clicking a link which led to malware on Microsoft’s cloud storage site SkyDrive.

The third attack was a spearphishing attack directed at a specific employee. Once his account credentials were obtained, emails were sent to 15 further employees, with malware-laced PDFs.

“It’s still unclear which country originated the attacks, and whether the attackers were acting independently or as a part of a larger state action.”

NRC spokesman David McIntyre said that his security team “thwarts” most such attempts.

Conspiracy theorists, start your engines!

Our last story really is the stuff of conspiracy theorists’ dreams: the very next day after Malaysia Airlines Flight MH370 disappeared, “sophisticated” malware was used to steal documents from government officials working the case.

A mysterious attacker in China purloined “classified documents” in “significant amounts”, details of which remained vague – stoking the fires of conspiracy still further.

The Malaysian Star claims that the attack targeted officials with a PDF document which appeared to be a news report about Flight MH370, and was sent to a group of investigators. Around 30 computers were infected by the malware.

“We received reports from the administrators of the agencies telling us that their network was congested with e-mail going out of their servers,” CyberSecurity Malaysia chief exec Dr Amirudin Abdul Wahab said.

“Those e-mail contained confidential data from the officials’ computers, including the minutes of meetings and classified documents. Some of these were related to the Flight MH370 investigation.”

Business Insider says that the attack occurred one day after the Boeing 777 went missing, and took the form of an .exe file disguised as a PDF (a common office file format).

It’s unclear who the attacker – or attackers – were, but information from infected computers was transmitted to an IP address in China. Officials in Malaysia blocked the transmission, The Star said.


The post Week in security: Nuclear attack, scareware back and traffic-light hack appeared first on We Live Security.

Facebook scams – the ‘classics’ and how to avoid them

Facebook has changed hugely over the years – remember ‘Pokes’? – and today’s sharing machine, with its videos, its news and its scams, is very different from the bare site Mark Zuckerberg launched.

Naturally, each new ‘feature’ has also brought new privacy worries – and security-conscious users should revisit their profile with our detailed guide to ‘maxing’ privacy on Facebook.

But some things haven’t changed – namely, the Facebook scams. It’s not that cybercriminals are unoriginal – it’s just that there are a few Facebook scams which work again and again, and all the criminals need to do is vary them slightly to keep money rolling in.

ESET Senior Research Fellow David Harley says, “While hoaxes may not seem the most dangerous aspect of online life, the migration of old hoaxes and new variations from email to social media does have some serious implications, as people Like and Share links without checking because they seem to come from likeminded and trusted friends.”

“The more FB friends you have, the more you’ll see these reverberate. You may not worry about political propaganda, but medical hoaxes and semi-scams can be a literal threat to health.”

ESET’s Social Media Scanner offers a quick, free way to check out if that news story on Facebook is true – or a scam. It never hurts to be cautious, though – and here are five classic scammy and spammy posts you should NEVER click.

‘Help, I’ve been mugged abroad’

Your friend or family member has lost their phone – so it makes sense they’d contact you via Facebook for help. Usually the story goes that they have been mugged or are in hospital – but it’s one of THE classic online scams, and one of the common uses cybervillains put hijacked Facebook accounts to. ESET’s Harley offers detailed tips on spotting the scam – known as ‘Londoning’, due to early versions being used on Americans. Harley quotes a typical text: “I hope you get this on time, I made a trip to Manila(Philippines) and had my bag stolen from me with my passport and personal effects therein. The embassy has just issued me a temporary passport but I have to pay for a ticket and settle my hotel bills with the Manager.”

“I have made contact with my bank but it would take me 3-5 working days to access funds in my account, the bad news is my flight will be leaving very soon but i am having problems settling the hotel bills and the hotel manager won’t let me leave until i settle the bills, I need your help/LOAN financially and I promise to make the refund once i get back home, you are my last resort and hope, Please let me know if i can count on you and i need you to keep checking your email because it’s the only way i can reach you.”

Naturally, people worry – but it’s not your friend. Someone has hijacked their account. Harley offers five steps to take in a post here – starting with “Be suspicious” and “Verify.”

‘See who has been looking at your Facebook profile’

Facebook will NEVER introduce a feature that allows people to see who has looked at their profile – with the number of people who surreptitiously look up old (or potential new) flames it would probably cause World War III.

Beware – it’s a classic scam post, along with variations on real new Facebook features, or fake ones such as turning your profile pink (another bizarrely long-lived scam).

Links offering early access to features such as Facebook’s A Look Back video, or upgrades to Timeline can also be scams, as reported here. The key warning sign is that you are directed outside Facebook – look at the URL.

If Facebook was ‘upgrading’ you, it would do so within Facebook. As soon as you see an external site URL, close the window – and do not install any app. In many cases, scam videos will install a ‘rogue’ Facebook app to spread rapidly via the network – but as reported by We Live Security here, such scams can, in the worst case scenario, lead to tainted sites which infect users with PC malware.

If I get a million Likes….

What’s the harm in “Liking” a page if it’ll get his girlfriend to marry him? Not a huge amount – but you’re still helping scammers earn money. Campaigns such as privacy drives, or “Click This if You Hate Cancer” are also usually just as fake (ESET Senior Research Fellow David Harley offers tips and thoughts on these “chain letters” of Facebook) – as are pictures where you’re urged to click and see what happens. Likes, of course, are the “currency” of Facebook – so criminals collect them by any means, fair or foul. Daylan Pearce, a search-engine expert at Next Digital in Melbourne says pages with 100,000 likes can be sold for $200, according to adverts unearthed by Pearce.

“Within 3 days a post like this one has 70,000 likes, and someone somewhere is about to make a nice little profit by selling the page to a business wanting some quick wins. The buyer then changes the page details. Instant fanpage with a big following, lots of likes.”

Your “Likes” also remain visible forever – and could serve adverts to your friends. Any pages you have “Liked” are also now searchable in Facebook’s new Graph Search. Visit your Activity Log and make sure you haven’t “Liked” any companies, products or sites you wouldn’t want the world to know about.

The warning from Facebook

“WARNING : Your account is reported to have violated the policies that are considered annoying or insulting Facebook users.system will disable your account within 24 hours if you do not do the reconfirmation.” The fake warning is, of course, a tool as fundamental to scammers as lockpicks are to burglars – witness this report just this week. Some of the bad English in that particular post should alert you to the fact that this is not a communication from Facebook – but it’s good enough to fool you if you’re not fully alert.
It’s a scam and a particularly vicious one at that.

Identified by Facecrooks.com – a great site to stay up to speed with the latest scams – the ‘warning’ scam is easier to fall for because Facebook does block certain posts or behavior – but the warning sign here is that a genuine reprimand would NEVER ask for your password. Why would Facebook need it at that point? Facecrooks writes, “if a user submits their Facebook login credentials, then the scammer will have complete control over their account. They can access their personal information to try and steal their identity, they can send bogus messages to their friends stating that they are in trouble and please send money, they can send links to other scams to all of the victim’s Facebook friends….the opportunities for misuse and exploitation are endless!” Similar scareware posts involve Facebook purging drug-related posts – again, a scam.

The morbid celebrity-death story

News stories DO spread through Facebook – but so do fakes, or hybrids where a real story is changed to offer one morbid detail. Last week, a post purporting to offer a video of Robin Williams making his last phone call should have rung alarm bells – few news sources would play such a video so soon after someone’s death. The scam, which you may see shared by your Facebook friends oblivious to the fact that they are helping fraudsters earn money, claims to be a ghoulish video of Robin Williams making his last phone call before committing suicide earlier this week. Of course, you might be fooled into believing it is genuine. After all, you have just seen one of your Facebook friends share it on their wall.

Multiple scams – including some using fake Facebook profiles – targeted grieving victims of the recent Flight MH17 tragedy. Alistair MacGibbon of the University of Canberra said that the criminals would hope to make money for referring victims to unscrupulous sites – and that the practice was increasingly common. “Crooks are super-fast these days at picking up on anything that’s remotely topical, and working out how to monetize it from a criminal point of view,” he said. “It’s a really distasteful trend.”

The too-good-to-be-true ticket offer

Cybercriminals follow the news avidly – hoping to fool users into clicking on malicious links in fake news stories – but the low-hanging fruit is upcoming events. Whether it’s the World Cup or a big concert, people DO want tickets – and worst of all, some companies offer them through Facebook competitions, which makes the scam more convincing. A recent tickets scam encouraged fans to forward the link to friends to win Rolling Stones tickets. “You’d be making a big mistake if you clicked on the link, as you will be taken to a third-party website which strongly encourages you to share the link via social media, and then coerce others into clicking on it,” writes We Live Security’s Cluley. It is often safer to Google the subject of a link or type a website’s main URL into a browser instead of clicking the link – here, fans would have found that, on the official Stones website, there was no mention of the offer at all.


The post Facebook scams – the ‘classics’ and how to avoid them appeared first on We Live Security.