Wednesday, January 19, 2011

Facebook app security questioned

Facebook should adopt tighter security measures to protect its users, according to a leading internet firm.

Experts at security company Sophos say a rise in unmonitored Facebook applications endangers the site's 650 million users.

Instead, they suggest that it should mimic Apple's App Store, which vets all programs available for download.

But Facebook said its data shows the opposite of what Sophos claims and that it already has "extensive" protection for users.

"We have a dedicated team that does robust review of all third party applications, using a risk based approach," the firm said.

"That means that we first look at velocity, number of users, types of data shared, and prioritise. This ensures that the team is focused on addressing the biggest risks, rather than just doing a cursory review at the time that an app is first launched."

Sophos said that reviewing apps before launch had "proven effective in protecting users".

'Strict control'

In its 2011 Threat Report, which outlines the major online dangers to be expected over the next 12 months, the company points out that Facebook is now one of the biggest targets for criminals and fraudsters.

This is partially because of the site's size and popularity - but also because Facebook allows anyone to build applications, games, surveys and other programs. The most popular ones have been downloaded tens of millions of times.

While this open system might be good news for Facebook's business, says the report, it leaves inexperienced users vulnerable to attacks from malicious hackers who are increasingly building fake applications that trick people into handing over their private information.

"Facebook, by far the largest social networking system and the most targeted by cybercrimnals, has a major problem in the form of its app system," it says.

To combat this, the report suggests Facebook could learn a lesson from mobile phone makers such as Apple, which operates strict controls over what applications are available for users of its iPhone and iPad platforms to download.

"A 'walled garden' approach may be more suitable," the report says. "This is the way the Apple App Store operates, with applications requiring official approval before they can be uploaded to the site and shared with other users."

"Start Quote

A 'walled garden' approach may be more suitable."

End Quote Sophos 2011 Security Threat Report

Although such an approach would potentially screen users from fraudulent applications, it would not be without its problems. Apple's own process has come in for criticism in the past for its seemingly arbitrary rules that resulted in the banning of some applications - such as dictionaries - while other similar ones were allowed through.

Alternatively, Sophos says, the world's biggest social network could offer more detailed controls over security, allowing users to decide more easily which applications can run on their profile.

But Facebook says that it already does this.

"We have built extensive controls into the product, so that now when you add an application it only gets access to very limited data and the user must approve each additional type of data," the company said in a statement.

"We make sure that we act swiftly to remove [or] sanction potentially bad applications before they gain access to data, and involve law enforcement and file civil actions if there is a problem."

It also says that its own data suggests Sophos has exaggerated the problem.

"As a result of our efforts, the data we have on interactions of more than 500 million people using Facebook shows that spam, malware and other attacks have decreased in their effectiveness�the opposite conclusion reached by a security vendor."

Curiosity trap

The advice comes just a day after Facebook made a U-turn on a new feature which exposed the telephone numbers and home addresses of users to anyone building applications.

The change, which the company said was intended to "streamline" information sharing, was suspended after complaints that it was ripe for abuse.

As well as highlighting problems with Facebook, the Sophos report also analysed a number of other security trends it said would increase over the coming months. These include:

Search engine poisoning: A method by which criminals attempt to trick Google and other search engines into prominently featuring malicious websites. Often using major news events as cover, the fraudsters fool users into visiting sites that subject their computers to attack.

Clickjacking: A scheme that hides malicious code inside a link pretending to be something else, often purporting to be a link to a picture or joke. Such attacks can spread rapidly through networks like Facebook and Twitter.

Spearphishing: Highly targeted spam aimed at eliciting specific details from an individual.

"Cybercriminals prey on our curiosity and perhaps our vulnerability and gullibility, and use psychological traps to profit from unsuspecting technology users," concludes the report.




Semi-autonomous 'road train' trials get rolling

Technology that links vehicles into "road trains" that can travel as a semi-autonomous convoy has undergone its first real world tests.

The trials held on Volvo's test track in Sweden slaved a single car to a lorry to test the platooning system.

Trains of cars under the control of a lead driver should cut fuel use, boost safety and may even cut congestion.

Project researchers believe platoons of cars could be travelling on Europe's roads within a decade.

Highway code

The road train test was carried out as part of a European Commission research project known as Sartre - Safe Road Trains for the Environment.

Video of the trial shows the test car travelling behind a lorry and then handing over control to that leading vehicle via in-car controls.

Once the lead vehicle is in charge, the driver of the car is seen taking his hands off the wheel, reading a newspaper and sipping coffee as the journey proceeds.

This is because commands to steer, speed up and slow down all come from the driver of the lead vehicle. Cars also keep an eye on their position relative to other vehicles in a platoon to ensure they keep a safe distance.

In the final system lots of cars could be slaved to a lead vehicle and travel at high speed along specific routes on motorways.

The successful test was a "major milestone" said Tom Robinson, Sartre co-ordinator at engineering firm Ricardo.

Trial participant Eric Coelingh, an engineering specialist at Volvo Cars, said: "We are very pleased to see that the various systems work so well together already the first time."

He said Sartre brought together technology from seven firms in four different countries.

The technology behind the Sartre system could be in use in a few years; however, it may take much longer for European member nations to pass laws that allow it to be widely used.




Apple makes record $6bn profits

Apple made record profits and record revenues in the run-up to Christmas as shoppers bought more Macs, iPhones, and iPads than analysts predicted.

The company said that in the three months to 25 December, net profit was $6bn (£3.7bn) on revenues of $26.74bn.

Steve Jobs, Apple's chief executive, said in a statement: "We had a phenomenal holiday quarter."

There was no further mention of his health problems following Monday's news that Mr Jobs is taking medical leave.

While he is continuing as chief executive and will be involved in any major decisions, day-to-day running has passed to chief operating officer Tim Cook.

Apple's first-quarter profit is a 71% jump on the same period last year.

Daniel Ernst, analyst at Hudson Square Research, said: "Apple blew away earnings expectations, again. It seems to be a recurring event for these guys.

"It was across the board, top to bottom, another great quarter," he said.

The company sold 4.13 million Macs during the quarter, a 23% rise year-on-year, and 16.24 million iPhones, a leap of 86%.

iPod sales fell 7% to 19.45 million units. Apple sold 7.33 million iPads.

Shares in the company, which had fallen during the day, rose 4% in after-hours trading to about $354.

News of Mr Jobs' latest health problems came on a US public holiday, when financial markets were closed.

When markets re-opened on Tuesday, the shares immediately fell as much as 6%, but eventually closed down 2.2% in official trading.

The California-based company said that 62% of its revenues came from outside the US. In the Asia-Pacific market, which includes China, Apple said revenues almost tripled.

Medical history

Some analysts are concerned about what Mr Jobs' absence from Apple might mean for the company's future, as he has become inextricably linked with its success.

In his statement on Tuesday, Mr Jobs was very upbeat about Apple's future. He said: "We are firing on all cylinders and we've got some exciting things in the pipeline for this year".

Despite Mr Jobs' previous ill health, the company's stock market value has approximately quadrupled in the past two years.

Analysis

A quite extraordinary performance by Apple - but that is what we have come to expect as the company plays its traditional guessing game with Wall Street.

Each quarter Apple is cautious when guiding on future earnings - so the analysts pencil in a higher figure. This time their consensus was that revenues would come in at around $24bn - and now we know the final figure was a record-breaking $26.7bn.

In a statement Steve Jobs, whose health is again a concern, acclaimed what he described as a "phenomenal holiday quarter". It is difficult to argue, with revenues and profits up nearly three quarters on a year ago, and record sales of iPhones, iPads and Macs.

But Tim Cook, standing in while the CEO is away, stressed that the company still has big ambitions for further growth, notably in the computer and mobile phone markets.

The one figure that really stood out was Apple's huge cash pile - now $60bn. Funnily enough, that was the last extraordinary valuation put on Facebook. Perhaps Apple might like to buy the social network? Or maybe not.

In late 2008 to mid-2009, Mr Jobs was absent from Apple for six months to have a liver transplant.

It was part of a series of treatments he has undergone for pancreatic cancer. He was first diagnosed in 2004 and underwent surgery later that year to remove a tumour from his pancreas.

"US investors are concerned about his absence," says Yair Reiner, stock analyst at New York investment firm Oppenheimer & Co.

"But the ups and downs of his health over the last couple of years have allowed investors to partly discount his departure into the price of their shares."

In an e-mail to staff, Mr Jobs said he would be back at work as soon as he could.

The letter "leaves everything to the imagination" said Mr Reiner, adding that the company had provided no guidance as to whether it would be a short break or the prelude to a permanent departure.

Mr Cook has run the company in the past during Mr Jobs' absence.

According to Mr Reiner, markets have a lot of confidence in the management abilities of Mr Jobs' stand-in, although he has not yet had the opportunity to demonstrate whether he can provide the same visionary leadership as his boss.

Mr Jobs' health issues come as Apple is rumoured to be preparing to launch the second version of its iPad - the successor to the tablet computer it launched in 2010.

With the product line-up for the next two to three years already set, Mr Reiner said that the real impact of a permanent departure of the Apple head would only be felt some years down the line.


