Facebook tool could be exploited by cyber-bullies

A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns.

Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's Facebook pages, according to a blog by security vendor F-Secure.

These messages could include personal attacks that seem to come from a user but are actually written by someone who has compromised that person's e-mail account, for instance.

The intent of the feature is to allow Facebook users to respond directly from their e-mail when they receive e-mail notifications that include messages that have been posted to their Facebook accounts. They can respond without having to go to the Facebook site first, eliminating a step and thereby saving time.

But eliminating that step can also leave a crack in Facebook's armour, according to F-Secure security adviser for North America Sean Sullivan. Authenticating to the Facebook site before writing a reply drops out of the equation, so someone other than account holders can post. "They can put words in my mouth," he says.

If a user's e-mail account is compromised via phishing or direct hacking, spammers can respond to any Facebook notifications they come across, Sullivan says. It has posted a demonstration of how this can work here.

Facebook users can opt out of receiving the e-mail notifications altogether by adjusting their settings.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email ARN
• Follow ARN on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark