What’s the Difference Between Facebook Security and Bigfoot?

The difference is that there have been reported sightings of Bigfoot.

The keynote address at the Virus Bulletin conference today was given by Nick Bilogorskiy, a member of the security team at Facebook. To start with, I have known Nick for several years and I can tell you that he is very intelligent and a terrific person. That said, I do take exception to some of what Nick presented. Nick claimed that security is the top priority at Facebook. If you go to http://www.facebook.com (while not logged in) you arrive at the Facebook homepage. Do you know how many times the word “security” appears there? Zero. There are absolutely no links to anything about security. On Facebook’s home page, security is non-existent and there have been no reported sightings. If your account has been compromised and you cannot log onto it, don’t look to www.facebook.com for anything resembling help. There is a help link on the Facebook homepage and it does take you to a page with a security link, and on that page there is a category for “my account has been compromised,” but if you can’t log into your account it is very, very difficult to figure out what to do, if it is possible at all.

Nick also mentioned a feature called “Account Activity”. The idea is that you can see if you are logged in from other devices, for example when you logged in using a friend’s phone or computer and forgot to log off. The Account Activity feature will let you see all the places you are logged in from. The problem is that it is difficult to find this feature. If you search “Account Activity” in the Facebook search field you will get results for Delta SkyMiles, eBay, and the Securities and Exchange Commission (SEC), but not for Facebook.

If Facebook wants people to believe that security is anything more than their last priority, they need to make security visible to users. There needs to be a link to security-related topics right on the login page. The link should include both reporting mechanisms and, get this, it is a novel idea, educational resources so a user can learn about being secure on Facebook before they even sign up! Imagine that, proactive security. Once logged in, there should be a link to security resources on each user’s homepage.

There have been numerous reports of sightings of Bigfoot, the Abominable Snowman, and even the Loch Ness Monster, but no reported sightings of Facebook security. It is long past time for this to be changed.

Randy Abrams
Director of Technical Education
ESET LLC

Author ESET Research, ESET

  • Matt

    Title should probably be What’s the Difference Between Facebook Security and Bigfoot?

    • Randy Abrams

      Yep.

  • Miguel

    You forgot the disclaimer at the start of his talk…
    it is ALL about HIS opinion (Facebook has nothing to do with ) :D

29 Sep 2010