Facebook blames a bug for mysterious status on Zuckerberg page, as it confirms plans to offer a complete HTTPS session
Facebook has blamed a bug rather than a hacker for the mysterious message that appeared on a fan page for founder Mark Zuckerberg.
A fan page for Zuckerberg had a status that claimed to be from Zuckerberg and suggested that Facebook should adopt a new business model to help impoverished people.
It read: “Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a ‘social business' the way Nobel Prize winner Muhammad Yunus described it?”
Facebook blamed the issue on a bug, with a spokesperson simply saying that 'a bug enabled status postings by unauthorised people on a handful of public pages. The bug has been fixed'. It also said that only 'a handful of public Facebook pages and no personal user accounts were affected'.
The incident came in the same week as the social networking site announced new security developments including HTTPS connectivity and what it calls ‘social authentication'.
Facebook security engineer Alex Rice said that Facebook wants to bring the benefits of social design to experiences where you would not traditionally expect them, such as account security and social authentication.
Rice said: “Many sites around the web use a type of challenge-response test called a Captcha in their registration or purchasing flows. Traditional Captchas have a number of limitations including being (at times) incredibly hard to decipher and, since they are only meant to defend against attacks by computers, vulnerable to human hackers.
“Instead of showing you a traditional Captcha on Facebook, one of the ways we may help verify your identity is through social authentication. We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are.”
The system is already used to confirm the identity of a user when travelling between different countries. Rice said that Facebook is continuing to test social authentication and gather feedback from its users.
Facebook is also now developing a complete HTTPS offering for the whole session, where users will be able to select the option under the ‘Account Security' section of the Account Settings page.
“There are a few things you should keep in mind before deciding to enable HTTPS. Encrypted pages take longer to load, so you may notice that Facebook is slower using HTTPS. In addition, some Facebook features, including many third-party applications, are not currently supported in HTTPS,” Rice said.
“We'll be working hard to resolve these remaining issues. We are rolling this out slowly over the next few weeks, but you will be able to turn this feature on in your Account Settings soon. We hope to offer HTTPS as a default whenever you are using Facebook sometime in the future.”
Eddy Willems, security evangelist at G Data, said: “If Facebook had implemented other authentication possibilities the risk of the page hacking would be minimal. The good news is that Facebook is already addressing these authentication issues. However, to implement this worldwide presents another challenge whereby international laws would have to be modified to allow this to proceed. This will not be an easy task as this involves a cost factor that would also have to be carried by the user.
“Maybe the tools and implementations used on the internet are growing too fast for the worldwide inclusion of improved authentication methods. For these reasons we must all exert caution when using the internet and make sure that strong passwords are used, be conscious of the fact that a public network is being used, use a good global anti-virus protection and above all use 'common sense'! The real question is however: 'Will we ever learn?'”