New Facebook Tool Invites Abuse

A recent Facebook feature can be exploited to be a cyber-bullying tool in the wrong hands, a security vendor warns.

Facebook and Twitter? Why not just put a gun to your head?

Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's

, according to a blog by security vendor F-Secure.

These messages could include personal attacks that seem to come from a user but are actually written by someone who has compromised that person's e-mail account, for instance.

The intent of the feature is to allow Facebook users to respond directly from their e-mail when they receive e-mail notifications that include messages that have been posted to their Facebook accounts. They can respond without having to go to the Facebook site first, eliminating a step and thereby saving time.

But eliminating that step can also leave a crack in Facebook's armor, according to F-Secure security adviser for North America Sean Sullivan. Authenticating to the Facebook site before writing a reply drops out of the equation, so someone other than account holders can post. "They can put words in my mouth," he says.

If a user's e-mail account is compromised via phishing or direct hacking, spammers can respond to any Facebook notifications they come across, Sullivan says. It has posted a demonstration of how this can work here.

Facebook users can opt out of receiving the e-mail notifications altogether by adjusting their settings.

This story, "Facebook tool could be exploited by cyber-bullies," was originally published at NetworkWorld.com. Follow the latest developments in security at Network World.

This story, "New Facebook Tool Invites Abuse" was originally published by Network World.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.