Tuesday, May 17, 2011

Facebook migrates to new authentication system

JM TUAZON, GMA News
05/17/2011 | 12:30 PM

Following a security blunder that inadvertently gave third parties access to users' personal information, social networking giant Facebook has urged developers to migrate their applications to a new authentication system by September.

In a blog post, Facebook outlined in its updated developer roadmap the planned migration to OAuth 2.0, an open-standard authentication system co-authored with Yahoo, Twitter, Google, and other web companies.

The company said that by September 1, "all apps must migrate to OAuth 2.0 and expect an encrypted access token."

Access tokens act as spare keys to profile pages granted by users to any Facebook application, giving them the ability to perform certain actions on behalf of the users.

Security firm Symantec discovered that some Facebook IFRAME applications inadvertently leaked these access tokens to third parties, including advertisers and analytics platforms, giving them the ability to mine personal information from users' profile pages.

Facebook said it has determined OAuth to be a mature standard already adopted by a number of players in the industry, and that it has been "working with Symantec to identify issues in our authentication flow to ensure that they are more secure."

"This has led us to conclude that migrating to OAuth & HTTPs now is in the best interest of our users and developers," it added.

Facebook earlier introduced a feature that will let users browse the social networking site over HTTPS, a secure protocol for accessing websites that encrypts communication between users and the server.

"As the web evolves, expectations around security change. For example, HTTPS —once a technology used primarily on banking and e-commerce sites—is now becoming the norm for any web app that stores user information," it added.

It has also made efforts to beef up its user login security by implementing a two-factor authentication system that requires users to enter a code sent to their mobile phones for verification before logging in.

Ironically, Facebook was recently embroiled in an alleged smear drive to discredit fierce rival Google's upcoming social platform, Social Circle, over security and privacy flaws.

"Social Circle was designed to scrape private data and build deeply personal dossiers on millions of users—in a direct and flagrant violation of [Google's] agreement with the FTC," according to a pitch made to journalists by a representative from Burson-Marsteller, the PR firm Facebook hired to raise their privacy concerns to the public. — RSJ, GMA News
