Take a Virtual, Interactive Tour 

Facebook, Cyber Security

4 Min Read

Facebook still has some bad apps misusing user data..

CanaryTrap, a technique by academics from the University of Iowa. Revolves around the concept of a honeytoken.

Data Security - Blue Color Text on Dark Digital Background.
Honeytokens represent fake data, tokens, or files that IT peeps scatter across their network. When the data is tempered with the IT admins at the time can detect any malicious activity.

How it relates to CanaryTrap the honeytokens were unique email addresses that academics used to register Facebook accounts. (See where this is going?)

After registering an account, the researchers installed one of many Facebook apps, messed with it for 15 minutes after that they uninstalled the accounts.

Researchers monitored the honeytoken email inbox. If the inbox received any new emails, then there was third party data being shared.

The academic team reportedly tested about 1,024 Facebook apps using the CanaryToken technique. They have identified 16 apps that did share email addresses with third-parties.

With these 16 apps, only nine apps actually state they had a relationship with the email sender. The other seven apps did not state they shared user data with other parties.

CanaryTrap, research, and associated tools is all available on GitHub.  "to help independent watchdogs detect misuse of data shared with third-party apps without needing cooperation from online social networks."

Facebook has sued several developers even changing its Terms of Service and making sure they have more power to enforce their rules.

Facebook is cooking up new terms to limit the information developers can share with third parties without receiving consent from users. To also make sure developers understand they must safeguard user data if they wish to use Facebook's platform and user-base for their own goals.

Personally I dislike Facebook due to how they made that big leak with their third-party which leaked millions upon millions of user's data for every thieving black hat to grab and sell on forums. At least knowing they are actively trying to prevent user data from being misuse helps my opinion on them.

Want to fight cyber criminals every day? Find out more about our cyber security degrees offered at https://www.uat.edu/cyber-security-degrees


GitHub Wants Your Policy Proposals

In light of the recent leak of Twitch’s source code (over 6,000 private GH repositories) and other information, through a 125GB data torrent over 4chan.org, GitHub (GH) is now stepping up their ...
Picture of Micah Turpin Micah Turpin 4 Min Read

Golang the new standard for malware langauge?

In a recent security report by cybersecurity firm Intezer, they reported that a huge spike of malware strains being coded in Go programming has increased about 2,000% in recent years.

VMware vulnerability leaves about 6,700 servers ripe for the picking.

VMware vCenter servers have been hit in a new attack which left them exposed and vulnerable by the hackers which allowed them to take over any unpatched machine and take over companies' entire ...