Sophos calls on Facebook to implement three-point security plan


19 Apr 2011

Sophos, a security firm which often publishes warnings of online scams on its blog Naked Security, has written an open letter to Facebook recommending security changes.

The firm’s blog carries extensive coverage of Facebook’s security issues, such as a recent Twilight rogue app, and has posted a warning against Facebook apps which seek out home addresses.

In the open letter, Sophos asked Facebook to address three security issues to make the social network a safer place for its users.

It asked Facebook to make privacy options a default feature, as opposed to letting information be shared without the user’s agreement.

Sophos also stressed the importance of only allowing approved third-party developers to publish apps on Facebook. The firm pointed out there are already 1m app developers for the site, which has greatly increased the risk of rogue apps.

And while Sophos praised Facebook for introducing an HTTPS option for a secure connection, it condemned the company for turning the option off by default and only providing it ‘whenever possible.’ Sophos stated that Facebook should keep this secure connection on all the time to protect users from hackers.

“Facebook is no stranger to making headlines for all the wrong reasons when it comes to security and privacy. The Sophos three-point plan would turn Facebook into the good guys and also be a real safety step-up for its 500m users,” said Graham Cluley of Sophos Naked Security.

“Facebook is popular and successful and is not going away. So it is essential that Facebook takes proper care of its users by making their security and privacy a top priority.

“Our question to Facebook is this – why wait until regulators force your hand on privacy? Act now for the greater good of all,” said Cluley.