Who forgot their security settings, then ?

28 July, 2010
http://www.thinq.co.uk/2010/7/28/100-million-facebook-pages-leaked-torrent-site/

A directory containing personal details about more than 100 million Facebook users has surfaced on an Internet file-sharing site.
The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook's open access directory, which lists all users who haven't bothered to change their privacy settings to make their pages unavailable to search engines.
Bowes' directory contains 171 million entries, relating to more than 100 million individual users - more than one in five of Facebook's recently trumpeted half billion user base.
The file contains user account names and a URL for each user's profile page, from which details such as addresses, dates of birth or phone numbers can be accessed. Accessing a user's page from the list will also enable you to click through to friends' profiles - even if those friends have made themselves non-searchable.
There's absolutely nothing illegal about what Bowes has done - the information is, after all, publicly available - but perhaps the existence of a stalker's online black book might finally persuade less security-minded Facebook users to get their arses in gear.

Posted by Greg Hewitt-Long in General Security at 12:47

Perhaps the most important thing to remember about a social networking site is the word “social”. Despite the oxymoron of privacy settings on a social networking site, some people believe there is a level of privacy. This is a good example of two principals. First, you need to check your privacy settings on social networking sites and adjust them to the settings that best suit you. Second, you still don’t put any information up that you don’t want to be public.

When it comes to privacy and Facebook, in particular, you need to understand the thinking of the leadership of the company.

Posted by Greg Hewitt-Long in General Security at 12:46

We have no disabled Discovercard from the online store - if you need to use a discovercard to pay for your purchase, please use the google checkout or PayPal options. This decision was reached after a run of fraudulent orders - Discovercard has no protection systems in place for merchants and cardholders similar to the Verified by Visa, or MasterCard Securecard security programs. As a result, the burden of fraudulent transactions is borne by the merchants - that means us.

We still welcome purchases with Discovercard - but these must be routed through another payment method - ie, Google Checkout or PayPal - who perform additional protection for your benefit, as well as ours.

Posted by Greg Hewitt-Long in Buying NOD32 at 09:50

ESET Mail Security for Microsoft Exchange Server v4.2.10019.0 has been released in English and Slovak. This release adds support for the follow Windows Server and Exchange versions:

Microsoft Small Business Server 2003 R2
Microsoft Small Business Server 2008
Microsoft Exchange 2007 SP3
Microsoft Exchange 2010 SP1 beta

Posted by Greg Hewitt-Long in Eset Software at 12:56