Posted by: David Harley | January 5, 2011

Facebook Security Guide

I got to this by a slightly convoluted route: a tweet that led to an InfosecIsland entry that led to a ZDNet article by Zack Whittaker, called January 2011: The Definitive Facebook Lockdown Guide in several parts.

Tip of the hat to Ken Bechtel and Dave Marcus, who also flagged it.

ESET Senior Research Fellow


  1. It might be useful, if it weren’t for the fact that you seem to have to be logged on to Facebook in order to access the article.

    At least, I think that’s why I get some kind of weird looping demand that I “check in at the ZDNet iGeneration blog” which then sends me back to the introduction, and as soon as you try to read some of the actual article you get this weird looping demand … I even signed up for ZDNet, and it still won’t let me see the article.

    • That’s weird. Doesn’t work like that for me. Hang on, I’ll have to do some testing. 😦

      • I can’t duplicate that effect. Works for me on IE 8 on a machine with no FB log-in and on a MacBook running Safari. I just click on a photo in the ribbon and up comes the screenshot.

  2. Tried it again, seems to be working now. Don’t know what happened before.

    (Probably the Facebook non-privacy fairy 🙂

  3. Yep, that would be the Not-Altogether-Good Fairy Zuckerberg. 😀

  4. […] posted this on my “Check Chain Mail and Hoaxes” blog a couple of days ago, Category: […]

  5. […] the same airport or hotel. Could be a good time to check your settings using the Lockdown Guide I blogged about […]

  6. […] 1) A story from today (January 16th) by Sophos’ Graham Cluley, who notes in “Rogue Facebook apps can now access your home address and mobile phone number“. Missed the announcement on FB? Me too… I don’t make that sort of information available, but if you do, you might want to reconsider. Clearly, Facebook is not to be trusted with any sensitive data. If that is news to you, check your settings! […]

  7. The ZDNet article allows social plugin widgets. If you have a Facebook account, by virtue of viewing the article, you are thusly datamined.

    These are the current bane of browser security since there is no way to block them even if one blocks first and third party cookies and uses a Hosts file, etc.

    Great article, though.

  8. […] posted this on my "Check Chain Mail and Hoaxes" blog a couple of days ago, but so many people […]
