Comments on: Facebook Applications Aren’t Always Your Friends http://davefleet.com/2008/01/facebook-applications-aren-always-your/ Exploring the intersection of communications, marketing and social media Wed, 07 Jan 2009 14:15:12 +0000 http://wordpress.org/?v=2.7 hourly 1 By: Ken Smith http://davefleet.com/2008/01/facebook-applications-aren-always-your/comment-page-1/#comment-1515 Ken Smith Mon, 26 May 2008 17:08:19 +0000 http://davefleet.com/?p=84#comment-1515 Sorry, just now discovered this request for dialog, nearly six months later :-(. The fundamental issue isn't Facebook apps, but rather, dangerous third-party content that gets distributed through ad networks. (I should hasten to say that Zango's software does NOT fall into this category.) The problem exists any time you visit a website that links to a third-party ad network that doesn't do a great job of scrubbing its advertisers. A LOT of hackers now have accounts on second or third tier ad networks, and they place exploit code on sites that their "ads" redirect to. Most ad networks are pretty good about cleaning stuff like this up, but I've run into some that simply ignore any reports of problems with their advertisers. IMO, the security community should be VERY aggressive about outing advertisers who fail to take this problem seriously. There's room for a technology solution here as well. Companies like SiteScout and their competitors can do a lot to flag potentially dangerous landing pages for review by the ad network in question. But first you have to understand what the real prolem is, and then take the problem seriously, and I don't see much sign that folks are doing either of those yet. Sorry, just now discovered this request for dialog, nearly six months later :-(.

The fundamental issue isn’t Facebook apps, but rather, dangerous third-party content that gets distributed through ad networks. (I should hasten to say that Zango’s software does NOT fall into this category.) The problem exists any time you visit a website that links to a third-party ad network that doesn’t do a great job of scrubbing its advertisers. A LOT of hackers now have accounts on second or third tier ad networks, and they place exploit code on sites that their “ads” redirect to. Most ad networks are pretty good about cleaning stuff like this up, but I’ve run into some that simply ignore any reports of problems with their advertisers. IMO, the security community should be VERY aggressive about outing advertisers who fail to take this problem seriously.

There’s room for a technology solution here as well. Companies like SiteScout and their competitors can do a lot to flag potentially dangerous landing pages for review by the ad network in question. But first you have to understand what the real prolem is, and then take the problem seriously, and I don’t see much sign that folks are doing either of those yet.

]]> By: Dave Fleet http://davefleet.com/2008/01/facebook-applications-aren-always-your/comment-page-1/#comment-146 Dave Fleet Mon, 14 Jan 2008 06:30:33 +0000 http://davefleet.com/?p=84#comment-146 Hi Ken, I'm impressed that you keep an eye out for posts talking about your company. Thanks for the link bait. I'd be interested to hear your thoughts on how this kind of situation can be avoided, and perhaps how Facebook apps could be improved to avoid harming both consumers and companies. Dave Hi Ken,

I’m impressed that you keep an eye out for posts talking about your company. Thanks for the link bait.

I’d be interested to hear your thoughts on how this kind of situation can be avoided, and perhaps how Facebook apps could be improved to avoid harming both consumers and companies.

Dave

]]> By: Ken Smith http://davefleet.com/2008/01/facebook-applications-aren-always-your/comment-page-1/#comment-145 Ken Smith Sat, 12 Jan 2008 08:40:24 +0000 http://davefleet.com/?p=84#comment-145 For more details about the great deal of silliness that's been written about this, see my blog posting at: http://smithkl42.blogspot.com/2008/01/deconstructing-socially-generated.html Ken Smith CTO, Zango For more details about the great deal of silliness that’s been written about this, see my blog posting at:

http://smithkl42.blogspot.com/2008/01/deconstructing-socially-generated.html

Ken Smith
CTO, Zango

]]>