Facebook Screams to Zero-Day Java Exploit: Is Your Account Compromised?


Facebook recently discovered a zero-day Java attack circulating on the internet, and it happened to be one of the targets. According to Facebook officials, the attack was discovered on compromised computers belonging to Facebook engineers. The zero-day Java attack was designed to download and install a collection of previously unseen malware programs on victims' computers, but it was uncovered when a suspicious domain was found in Facebook's Domain Name Server request log.

The perpetrators of this attack injected the code into the HTML of a popular mobile developer web forum, so that any visitor with Java enabled in their browser could become a victim.



So What Was the Target in Facebook's Database, Users' Data?

Not according to Facebook Chief Security Officer, Joe Sullivan. Even though data on the compromised computers, including software code, corporate data and email, was siphoned, the attack targeted Facebook's production environment. So it is likely that no user data was harvested.

Does That Mean You Are Safe?

From the zero-day Java attack on Facebook's production environment? Yes, you are. But that doesn't mean you should fold your hands and leave your protection to chance. The zero-day Java exploit was launched through a Java security hole, and that invariably puts everybody using Java-enabled browsers and Java plugins at risk. Additionally, even if you disable Java in your browser, which may not work all the time because some core features of certain popular sites still require Java, the weak point could still be other utilities.

So What Should You Do?

Man up and take responsibility for your protection. While we tend to hear news about how malware has been detected on one giant website or another, you never know how many of the small sites you visit on a daily basis contain malicious code that may allow hackers unauthorized access to your computer under the radar. So among other things, here are some of the actions you should take:

Log out once you are done

Most of us hardly ever log out of the various services and products we use online, like our social and email accounts. This is a bad practice. While you may think your PC is securely hidden away from the public in your house or office, some hackers might remotely gain access to your network and use it for God knows what. Additionally, if you must use any of these services on public Wi-Fi, it is paramount that you log out once you are done and ensure your PC is disconnected from the network.

Use internet security tools

There are many internet security and anti-malware tools out there. The Virus Bulletin, an independent website with information on the current performance of anti-malware vendors, will help you decide which vendor to choose for reliable protection. It is advisable to read reviews and user feedback on various internet security programs before making a decision.

Think twice before you share

Do you love your phone number so much that you are willing to share it on your Facebook wall, or perhaps you are so proud of your street that you don't mind giving the address out to total strangers on Facebook in the name of networking? If you think such details are only accessible to your friends, then you need to re-read how Facebook's recent Graph Search works: it will expose certain details about you to searchers regardless of whether they are your friends or not.

Think about it: if the zero-day Java exploit had been designed to harvest users' data, details such as your income status, present residential address and phone numbers, which many of you have shared, would have fallen into the hands of hoodlums who may exploit them in whichever way they desire. This is why some personal details are better sent through SMS or email than posted on your Facebook wall or profile.

Beware of links from friends

You may occasionally receive links from supposed friends asking you to view their pictures or videos outside of Facebook. While most modern internet security suites may provide you added security against malicious links, it is still up to you to further this protection through protective practices. I'd say it is better to avoid links that take you outside of Facebook. But if you must follow such links, write to your contact first to ask what might be waiting for you on the target page, and make sure your internet protection suite is active before clicking on such links.

Many websites receive tens of attacks on a daily basis. If you have been online for a while now, you may have heard popular bloggers lament the number of login attempts they receive on a daily basis, which is in the hundreds! That should give you an idea of how risky it is to be online. But this is not a reason to panic… we just have to take certain measures to ensure we are protected at all times.
