New Facebook Tool Invites Abuse

A recent Facebook feature can be exploited as a cyber-bullying tool in the wrong hands, a security vendor warns.

Facebook's new feature – "reply to this e-mail to comment on this status" – gives attackers a way to post messages on other people's , according to a blog by security vendor F-Secure.

These messages could include personal attacks that seem to come from a user but are actually written by someone who has compromised that person's e-mail account, for instance.

The intent of the feature is to allow Facebook users to respond directly from their e-mail when they receive e-mail notifications that include messages that have been posted to their Facebook accounts. They can respond without having to go to the Facebook site first, eliminating a step and thereby saving time.

But eliminating that step can also leave a crack in Facebook's armor, according to F-Secure security adviser for North America Sean Sullivan. Authenticating to the Facebook site before writing a reply drops out of the equation, so someone other than account holders can post. "They can put words in my mouth," he says.

If a user's e-mail account is compromised via phishing or direct hacking, spammers can respond to any Facebook notifications they come across, Sullivan says. F-Secure has posted a demonstration of how this can work.

Facebook users can opt out of receiving the e-mail notifications altogether by adjusting their settings.

This story, "Facebook tool could be exploited by cyber-bullies," was originally published at NetworkWorld.com.
