Risks of Facebook And Other Social Networking Sites

Recently there were some risks discovered in an ActiveX control used by Facebook and a few other sites. Now I've learned about a new and potentially more dangerous risk at Facebook.

The risk is information leakage. In case you aren't aware of this yet, when someone creates an account at Facebook and posts information about themselves, that information was, until very recently, permanent. That is to say, you could create a profile at Facebook but you could not delete it! Is that bizarre or what?

The risks there are fairly obvious. If anyone makes the mistake of posting information about themselves, it would forever remain in the hands of Facebook. In my perspective that's a gigantic security risk.

Recently a large group of Facebook users put pressure on the company to the point that they relented - sort of - and now provide a way for people to remove their accounts.

If you beg and plead to the Facebook staff they'll consider deleting your account. But not without a caveat. As you'll learn when you read the related article over at CIO Magazine, "Even after Monday's change, Facebook's terms of use still stated: 'If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.'"

Keep this in mind when joining Facebook (I'm glad I never did, and I never will either) and be absolutely certain to read any licenses, agreements, and statements BEFORE you sign up with a social networking site. You might even consider adding something to your corporate policies that centers around social networking sites. For example, do you really want to allow employees to post information on a public site about where they work and what their roles in the company are? That could lead to a social engineering attack.

Rarely does anyone create a new social networking site just for fun. It's almost invariably done to generate revenue and mine data, and you have nearly no control at all over what happens to that data.
