Safety issues are no longer ignored by Facebook as this social network giant has launched a page called Facebook Safety.

At the time of my writing, Facebook Safety has grown to more than 11,000 fans and another great news is that the articles posted on the Facebook Safety’s Wall are with full focus or direction and the original videos or articles that it linked to are good contents.

In fact, the creation of Facebook Safety page is with purpose. According to Joe Sullivan, Facebook’s Chief Security Officer, “The Safety Page will highlight new initiatives to keep people on Facebook safe, valuable educational materials from Internet safety experts including the members of our Safety Advisory Board, and relevant news coverage.” Wrote in Facebook’s official blog.

In contrast to Facebook Security page, which has 2.2 million of fans; Facebook users should not think of Facebook Safety as a supplementary resource page to Facebook Security, instead the dynamic content posted on Facebook Safety are to complement the resources in the expanded Safety Center that Facebook introduced in April this year.

Moreover, Facebook users should value the availability of Facebook Safety that gives them other options – like links to the outside blog posts, videos, safety research reports, safety know-how via videos, and a resource page pertaining to all the well-known safety experts.

In an open letter [PDF] addressed to Facebook CEO Mark Zuckerberg, 10 privacy groups such as ACLU of Northern California, Center for Democracy and Technology, Center for Digital Democracy, just to name a few, have expressed their Facebook privacy worries connected to some of the user controls found on the users’ profiles.

In fact, the issues highlighted in the letter are not the first time that being caused numerous privacy complaints, but fortunately this is the first time a total amount of 10 reputable privacy groups have put their voices in such an open letter.

Inevitably, the issues written down on the letter is quite accurate description of the privacy worries with Facebook at this moment. As discussed in the letter, the following issues should be fixed in order to make Facebook realize that the user privacy preservation is as much important as the overall market capitalization of Facebook.

Some excerpts of the letter:

1) Fix the “app gap” by empowering users to decide exactly which applications can access their personal information.

6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook’s policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends.

Fortunately, we know that Facebook has taken some action for its user commitment by launching a simplified version of privacy settings. However, simplified version of privacy control doesn’t mean that Facebook is creating a privacy-protective default settings for all of its users. And thus, most users will continue to believe that privacy control settings is still not the primary concern of Facebook, at least for this particular moment.

There has been a great deal of discussion across the Web pertaining to the Facebook security issues. Yet, this week Facebook has taken another measurement whereby app developers are required to verify their accounts before they can create new app.

According to the developer’s forum thread, the account verification is done either through mobile phone confirmation or adding a credit card to the developer account. Also, the reason behind this security step is to preserve the “integrity of the Facebook platform.”

Now, a question is being asked, “Do you think that the cyber criminals are likely to be deterred simply by having to provide a valid cell phone number or credit card?”

Well. This reminds me a lot of the security solution launched in July 2009 whereby Facebook asked the victims of compromised accounts to regaining access to the accounts simply by walking through a 5-step quick verification process. Furthermore, this verification process also applied to the Facebook new users if they want to obtain their personal usernames.

In fact, there is still an issue for some users whose country is not U.S. and they are having problems in receiving the sms confirmation code. On a side note, typing “facebook mobile confirmation code” on Google search engine, its search assistant will help you to complete the following sentence, i.e. not receiving facebook mobile confirmation code.

Ironically, a genuine Facebook user is afraid to verify his / her own account whereas cyber criminals are not since they are the one who send out the fake account verification emails. Perhaps it’s more accurate to say that as the genuine group of users, we hate waiting for the confirmation code or being hooked by “phishing” scam. We came across the following messages before:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

And thus, we shouldn’t be asked to “update,” “validate,” “verify,” or “confirm” account information anymore.

Note to Facebook users: You’ll most likely receive more phishing emails on Facebook than you’re on Google, IRS (Internal Revenue Service) and RapidShare, according to a scam report released by Kaspersky Lab this month. Perhaps it’s no big surprise as Facebook has more than 400 million users and became one of the most popular targets for phishing scams.

On the report, it compiled that Facebook is accounted for 5.7 percent of the phishing pie chart, and thus ranks fourth in the top 10 most popular phishing targets in the first quarter of 2010 across the Web. Meanwhile, the report said that the first most targeted is PayPal, followed by eBay and HSBC is ranked as number three.

On the other hand, with 5.7 percent of the total volume of phishing attacks that Facebook confronted, it is more targeted than Google, which ranked 5th with 3.1 percent, followed by the IRS with 2.2 percent, and RapidShare, the popular hosting site, with 1.8 percent respectively; see the pie chart below.

Source: available at http://www.kaspersky.com/images/vlill/q1_spam2010_pic09_en.png, accessed May 20, 2010

Thinking of your account safety but you do not know how to configure Facebook privacy settings properly? Watch the embedded video in the below and see if it’s right for you.

In fact, the video was produced by ConnectSafely.org, a non-profit Internet safety organization and it’s a 5 and a-half min length video.

Enjoy!

As announced in Facebook’s official blog, they have introduced two main new security features to further protect their user accounts from hackers and scammers.

From now on, users can choose to be notified when their accounts are being accessed from the computers or mobile devices they haven’t used before. Should Facebook detect any suspicious login with the user account, they will ask the person to name the device name, in addition to send an email notification to the account holder as a warning message.

However, to enable this new Facebook security feature, Facebook users have to log-in to their accounts and manually configure the following setting:

1) Log in and click on “Account” at the top right of the page

2) Then on account page, click on “Settings”

3) On the Account Settings page, click on “Account Security”

4) The last step is to change the selection from No to Yes, as shown in the below picture.

Meanwhile, they also add a new layer of security that works at the personal security question; whenever there is a suspicious login, Facebook will prompt the person for identity confirmation.

In fact, the back-end mechanism of these features is targeting at the IP level to automatically match the IP address of one logged in to Facebook, and hopefully these new additions can help to further protect Facebook users from malicious individuals.

Good news for the Facebook users, Facebook has re-enabled its chat feature.

In fact, the chat feature was down for maintenance on Wednesday in response to a report that exposed a security bug. In the report, it said users can access and view the private chat messages and also the pending friend requests by simply controlling the preview of the profile of Facebook’s privacy settings.

Nevertheless, it seems Facebook has finally worked out the known bugs in its chat feature, and hopefully there will be “no” other similar bugs popped up in near future.

If you came across an email asking you to download the Facebook toolbar, with the email heading, i.e. Try the New Facebook Toolbar! Please delete it straight away.

As shown in the below picture, it is clear that the virus authors are using a subtle way to lure potential victims into downloading a toolbar. Perhaps, download the new Facebook toolbar will get users a better way to share and connect with friends is more tempting than anything else.

The email also comes with an executable file, i.e. toolbar.exe. This toolbar.exe is presented itself with an icon of a black ball with “darkSector” written on it and it is detected as a Trojan.Dropper by Symantec.

Typically, Trojan.Dropper is a standalone program that drops different type of standalone malware (trojans, worms, backdoors) to a system. Once executed, it will extract all files it contained to some folder (usually temporary folder) and runs all of them simultaneously. In many cases, Trojan-Droppers also drop and executes to display games, images or messages, which serve as decoys to avert attention from malicious activities.

Panda Labs has detected a new Bredolab variant masking itself as the “Facebook Password Reset Confirmation! Support Message.” As shown in the below picture, you’ll notice that the From in the email is labeled as “Facebook Manager” and typically, the sender address is spoofed.

The attachment is entitled as Facebook_document_Nr8527.zip and if you’re open this kind of the attached document for the password reset, your computer is vulnerable to be affected by malware.

In fact, the malware is known as Bredolab.AX and has been discovered in October 2009 by Avira, one of the leaders in Internet security field.

Simple put, Bredolab is a trojan horse that downloads and causes some side effects such as downloads a malicious file. Furthermore, the file gets executed after it was fully downloaded on victim’s computer.

Suffice it to say: If you receive any email like this, delete it straight away.

Picture:

Source: available at http://support.pandasecurity.com/forum/viewtopic.php?f=160&t=3232, accessed April 30, 2010

According to Australian ABC News, Facebook is now examining its accounts of users whose passwords have been hacked by a Russian hacker.

The hacker who called himself Kirllos claimed to have the account details amounted to 1.5 million Facebook users. What’s more, the hacker is offering to sell the login details of accounts hacked by him for a price in between US$25 and US$45 per batch as 1,000 user logins stands for one batch.

In the meantime, Facebook is urging its users who feel their accounts are compromised to follow steps on its security page.

“We’re investigating the accounts in question so that we can block access to any that might be compromised and restore them to their rightful owners,” spokeswoman Maureen O’Hara said.

“We invest heavily in helping people keep their accounts secure and have a team of security professionals who investigate specific attacks on our users and work with law enforcement to pursue those responsible.”

Ironically, it seems the Facebook account selling was not started on this month, but months ago when the hacker registered his account in one of the forums in Russia namely Antichat.ru on last December. There are few topic forums found on that forum with a heading, i.e. “[Sell] Facebook” and batch by batch of Facebook accounts hacked have been posted by kirllos from 2nd January to 8th February in this year.

Sadly, this kind of incident should not be happened on Facebook. The reality is that there are still many, and many users do not aware of how important of keeping their accounts safe.

In this matter, users are advised to be wary of logging onto their Facebook accounts other than the official Facebook page, i.e. facebook.com domain.

In addition, it’s a good practice to use version updated Web browser when facebooking on the Web, and choose the unique logins and passwords for each of the different Web sites you used. Also, be cautious of any message, post, or link that looks suspicious or requires an additional login, even if it is coming from a friend.