A week of fresh bugs in Facebook has ended with a warning about a privacy oversight in the new Facebook dashboard.
Blog site allfacebook.com has reported that users can view the latest applications that their friends have been using, whether or not those friends want them to. It said that while Facebook will ‘probably' resolve this issue before launch, beta games and applications dashboards are visible to everybody.
A developer told the site: “I may not want my boss to know that I'm playing games during work hours. Or I may not want my friends knowing that I ran the ‘How Perverted are You?' application.”
Blogger Nick O'Neill said: “When I went to the applications dashboard, I was also able to view an application that one of my friends was currently developing (and had not yet made public). Unknown to that individual, I'm now aware of the latest project they are working on. When users visited websites, notifications of their actions were posted to their profile, sometimes without them being aware.
“In this instance the user is completely unaware that the information is being posted about them. This slight flaw could ultimately damage the future of the application dashboard and delay the deprecation of notifications as well as other items in the current developer roadmap. Will users be prompted to post about their latest activity? Will there be a new opt-out system?”
He claimed that the loophole will require Facebook to head back to the drawing board, and that while many were expecting the new dashboards to be part of the solution to notifications being deprecated, it is clear that this could rapidly turn into a privacy disaster.
The news follows user questions about an ‘unnamed app' that appeared in application settings. Many reported that it was a ‘spybot' that they believed to be a rogue application, spying on their activities.
O'Neill reported that hundreds of people were continuing to post status updates about the issue, and that while users are claiming that it is spyware, Facebook has reported that it is a bug which should not damage your account or computer in any way.
The Facebook security page stated: “Some people have posted about the appearance of an application listed as ‘unnamed app' in their application settings. This was a bug, which we have now fixed. It did not damage any accounts. Be wary of any sites that claim to be able to fix this, as they might contain malicious software.”
David Harley, director of malware intelligence at ESET, believed that it is ‘obviously a generic label' but doubted that it was down to a single malicious application.
He said: “The first point is, though, that while unnamed app may in some instances refer to something malicious, that doesn't mean that ‘unnamed app is a virus'. The second and more important point is that Googling for ‘unnamed app' undoubtedly will turn up some malicious sites, and that's something I can confirm from my own tests.”
Graham Cluley, senior technology consultant at Sophos, agreed, noting that ‘unnamed app' was the 44th most popular search on Google at one point this week. He said: “This and other search engine optimisation (SEO) techniques have helped hackers push their web pages high into the upper reaches of search results.
“If you happen to stumble across one of these malicious sites after searching for information about the unnamed app, you might find yourself infected by fake anti-virus software, designed to trick you out of your hard-earned cash.”
Sophos detects the malware seen on these infected web pages as Mal/FakeVirPk-A.