I got to this by a slightly convoluted route: a tweet that led to an InfosecIsland entry that led to a ZDNet article by Zack Whittaker, called "January 2011: The Definitive Facebook Lockdown Guide", in several parts.
- Gallery guide 1: Secure your profile page
- Gallery guide 2: Secure your account settings
- Gallery guide 3: Secure your privacy settings
- Gallery guide 4: Secure the miscellaneous bits
Tip of the hat to Ken Bechtel and Dave Marcus, who also flagged it.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
It might be useful–if it weren’t for the fact that you seem to have to be logged on to Facebook in order to access the article.
At least, I think that’s why I get some kind of weird looping demand that I “check in at the ZDNet iGeneration blog” which then sends me back to the introduction, and as soon as you try to read some of the actual article you get this weird looping demand … I even signed up for ZDNet, and it still won’t let me see the article.
By: Rob Slade on January 5, 2011
at 7:18 pm
That’s weird. Doesn’t work like that for me. Hang on, I’ll have to do some testing. 😦
By: David Harley on January 5, 2011
at 7:31 pm
I can’t duplicate that effect. Works for me on IE 8 on a machine with no FB log-in and on a Macbook running Safari. I just click on a photo in the ribbon and up comes the screenshot.
By: David Harley on January 5, 2011
at 7:42 pm
Tried it again, seems to be working now. Don’t know what happened before.
(Probably the Facebook non-privacy fairy 🙂)
By: Rob Slade on January 5, 2011
at 8:21 pm
Yep, that would be the Not-Altogether-Good Fairy Zuckerberg. 😀
By: David Harley on January 5, 2011
at 8:52 pm
[…] posted this on my “Check Chain Mail and Hoaxes” blog a couple of days ago, Category: […]
By: Facebook Security Lockdown Guide | Security Antivirus Virus on January 7, 2011
at 1:12 pm
[…] the same airport or hotel. Could be a good time to check your settings using the Lockdown Guide I blogged about […]
By: More on Facebook Privacy… « Check Chain Mail and Hoaxes on January 7, 2011
at 1:20 pm
[…] 1) A story from today (January 16th) by Sophos’ Graham Cluley, who notes in “Rogue Facebook apps can now access your home address and mobile phone number“. Missed the announcement on FB? Me too… I don’t make that sort of information available, but if you do, you might want to reconsider. Clearly, Facebook is not to be trusted with any sensitive data. If that is news to you, check your settings! […]
By: Facebook anti-privacy, scams and lurve… « Check Chain Mail and Hoaxes on January 16, 2011
at 6:43 pm
The ZDNet article allows social plugin widgets. If you have a Facebook account, by virtue of viewing the article, you are thusly datamined.
These are the current bane of Browser security since there is no way to block them even if one blocks first and third party cookies and uses a Hosts file, etc.
Great article, though.
By: Randy Knobloch on January 17, 2011
at 8:05 pm
[…] posted this on my "Check Chain Mail and Hoaxes" blog a couple of days ago, but so many people […]
By: Facebook Security Lockdown Guide | ESET ThreatBlog on February 3, 2011
at 4:24 am