Inside Facebook's Cyber-Security System

samzenpus posted more than 2 years ago | from the anti-social-network dept.


An anonymous reader writes "The Facebook Immunity System (FIS) processes and checks 25 billion actions every day, or 650,000 actions every second. The social networking giant's cybersecurity system was developed over a three-year period to keep the service's users safe from spam and cyberattacks. FIS scans every click on Facebook for patterns that could suggest something malicious is spreading across the social network."


63 comments


And it doesn't work. (2, Informative)

NoobixCube (1133473) | more than 2 years ago | (#37863272)

Numerous pages I've liked incessantly spew spam at me, my mother keeps getting messages from "facebook security" or some variation thereof, asking her to confirm her password.

Re:And it doesn't work. (5, Insightful)

syousef (465911) | more than 2 years ago | (#37863376)

Numerous pages I've liked incessantly spew spam at me, my mother keeps getting messages from "facebook security" or some variation thereof, asking her to confirm her password.

I'm not aware of any security system that can prevent external sites from spamming their users. Of course it doesn't help if a company plays fast and loose with your privacy allowing attackers to discover the user base and target them. But as much as I hate Facebook lately, I can't see how you can expect their security system to prevent others from sending your mother email. There are many much more legitimate concerns with Facebook to address, so let's not get into irrationalities and hysterics about things we can't expect them to fix.

Re:And it doesn't work. (3, Interesting)

NoobixCube (1133473) | more than 2 years ago | (#37863404)

Just saying, if they really want to protect their users, they can do some regular expressions voodoo on their messaging system. If Gmail can recognise phishing and spam, why can't Facebook?

Re:And it doesn't work. (1)

syousef (465911) | more than 2 years ago | (#37863438)

Just saying, if they really want to protect their users, they can do some regular expressions voodoo on their messaging system. If Gmail can recognise phishing and spam, why can't Facebook?

Okay if you're talking about messages within Facebook I see what you're saying. I don't get anything significant through Facebook itself. What I do see is lots of phishing spam in my email that purports to be from Facebook but isn't. Not much they can do about SMTP mail.

Re:And it doesn't work. (1)

Billlagr (931034) | more than 2 years ago | (#37863804)

Indeed..and banks, ebay, the Post Office, lotteries, and so on. Not much FB can do about those type of scams.

Re:And it doesn't work. (1)

ThatsMyNick (2004126) | more than 2 years ago | (#37863842)

No one would believe that their bank (or ebay or lottery) sent them a facebook message, but it is very likely for facebook to send them a facebook message asking them to verify their identity. So yeah it makes sense and it is possible for facebook to parse the message and warn you.

Re:And it doesn't work. (1)

Billlagr (931034) | more than 2 years ago | (#37863902)

SMTP. Outside FB.

What I do see is lots of phishing spam in my email that purports to be from Facebook but isn't. Not much they can do about SMTP mail.

Re:And it doesn't work. (1)

ThatsMyNick (2004126) | more than 2 years ago | (#37865590)

And I was pointing out to you that GP and GGP were talking about Facebook messages (which could be sent by SMTP, but still would have to be processed by facebook before you view it). Facebook has complete control over these and could and should filter phishing attempts.

Re:And it doesn't work. (0)

Anonymous Coward | more than 2 years ago | (#37866572)

Polite disagreement. Quite a number of people would believe that their bank (or ebay or lottery) would send them a facebook message. To them it is no more or less a surprise than any other type of computer contact.

It even makes a kind of sense for them: Everybody seems to be on Facebook these days, so why wouldn't their bank move into FB, the same way it moved into other online methods in recent years?

Re:And it doesn't work. (1)

NoobixCube (1133473) | more than 2 years ago | (#37873780)

To make matters worse, some banks even have pages you can like, making it more plausible they'd contact you on Facebook.

Re:And it doesn't work. (1)

schlachter (862210) | more than 2 years ago | (#37873656)

You didn't make it clear that she was receiving these bogus requests through the Facebook messaging system. That's a different story. Your original comment implied that she was receiving emails that were trying to spoof official Facebook emails.

Re:And it doesn't work. (1)

NoobixCube (1133473) | more than 2 years ago | (#37873758)

If I'd meant emails, I'd have said emails. I'm honestly surprised so many people in this thread had trouble with that.

Re:And it doesn't work. (1)

History's Coming To (1059484) | more than 2 years ago | (#37863534)

"But as much as I hate Facebook lately, I can't see how you can expect their security system to prevent others from sending your mother email."

You're seriously suggesting that they shouldn't bother with national and international level data protection laws because it might be a bit tricky? Wow.

Re:And it doesn't work. (2)

syousef (465911) | more than 2 years ago | (#37864180)

"But as much as I hate Facebook lately, I can't see how you can expect their security system to prevent others from sending your mother email."
You're seriously suggesting that they shouldn't bother with national and international level data protection laws because it might be a bit tricky? Wow.

Explain to me how on earth international data protection laws require Facebook to prevent random phishing attacks that use databases gathered from a wide variety of sources, and infrastructure that Facebook does not control? If Facebook lost, leaked or sold the data, I can see the problem and they should be held accountable. If someone got hold of your name and email address elsewhere and sent you a message that looked like it came from Facebook, it's not just "a bit tricky". I don't see what they can do.

Re:And it doesn't work. (1)

Bucky24 (1943328) | more than 2 years ago | (#37864714)

No, that's not what GP was suggesting at all. GP was suggesting that Facebook has no way to police every single email you receive (though weren't they discussing making Facebook email? They could police that). I'm rather glad in fact that Facebook can't do this. I can only imagine how much more data about me they would be able to glean if they could read all my email.

Re:And it doesn't work. (0)

Anonymous Coward | more than 2 years ago | (#37865410)

You took the time to quote, please also read what you quoted.

Re:And it doesn't work. (1)

Anonymous Coward | more than 2 years ago | (#37864036)

I've been getting the same messages this week and I'm not a member of Facebook and have never logged on.

Re:And it doesn't work. (1)

girlintraining (1395911) | more than 2 years ago | (#37864844)

so let's not get into irrationalities and hysterics about things we can't expect them to fix.

Except many of the problems are the direct result of Facebook's monetization of personal data. It's disingenuous to say we can't expect them to fix the problem. The problem is quite easy to fix... it simply requires Facebook find other sources of revenue. But alas, I forget my place -- as the CEO of US Bank recently said, corporations have a right to profits. And hey, if a few billion pieces of spam is the price we pay for their profit, well that's just tough. Spam follows money. No money = no spam. The solution to this class of social maladies has always been the same: make it cost more than the benefit. And as Facebook is a self-contained system and not a decentralized architecture, like say, the hundreds of thousands of mail servers located throughout the world, the cost of making the necessary infrastructure changes is very low indeed.

Re:And it doesn't work. (1)

Babylon22 (2498216) | more than 2 years ago | (#37907282)

I can relate to that. Sometimes, even though not too often, I receive spam on my facebook nickname (which is different than my real name). ~ Babylon Lingerie http://www.babylonlingerie.com/ [babylonlingerie.com]

Inside AC's Frost-Posting System (0, Funny)

Anonymous Coward | more than 2 years ago | (#37863284)

An anonymous corksoaker writes

  "The Slashdot Human Intelligence Test (SHIT) processes and checks 25 billion first posters every day, or 650,000 frosties per second. The gay networking giant's cybersecurity system was developed over a three-year period to keep the service's gay users safe from first posts and flamebaits. SHIT scans every click on Slashdot for patterns that could suggest computer generated posts are spreading across the gay network."

Segmentation Fault (core dumped)

Re:Inside AC's Frost-Posting System (1)

Frosty Piss (770223) | more than 2 years ago | (#37863854)

...or 650,000 frosties per second.

I assure you, there is only one Frosty.

It does not work.. (4, Funny)

Lumpy (12016) | more than 2 years ago | (#37863298)

It has not detected any of the Zynga games at all.

Re:It does not work.. (1)

syousef (465911) | more than 2 years ago | (#37863416)

It has not detected any of the Zynga games at all.

What you really need is a filter for stupid, but I'm afraid there's no such animal.

Re:It does not work.. (1)

Fluffeh (1273756) | more than 2 years ago | (#37863532)

What you really need is a filter for stupid, but I'm afraid there's no such animal.

It's called evolution, but sadly it seems to take generations for visible progress and there are always offshoot branches that seem to be occupied by the stupid group.

Re:It does not work.. (1)

Anonymous Coward | more than 2 years ago | (#37863744)

Evolution doesn't favor smart or stupid. If stupid is more likely to produce offspring, then stupid is an evolutionary advantage and intelligence is a disadvantage.

Re:It does not work.. (1)

Neil Boekend (1854906) | more than 2 years ago | (#37867082)

As it is: assuming smart people get an education and start a career (which is normal in most of the developed world) they postpone getting kids, sometimes indefinitely. Therefore stupid people have more time to procreate and thus they will on average have more children.
Ergo: stupid is an evolutionary advantage.

Re:It does not work.. (1)

JonySuede (1908576) | more than 2 years ago | (#37863546)

Aren't Zynga games retrofit-able as a stupid detector, that could serve as the basis for the stupid filter?

Re:It does not work.. (1)

Colonel Korn (1258968) | more than 2 years ago | (#37864046)

It has not detected any of the Zynga games at all.

What you really need is a filter for stupid, but I'm afraid there's no such animal.

The Zynga games are a great filter for stupid.

Exploits in every dimension... (0)

Anonymous Coward | more than 2 years ago | (#37863486)

I do not know about security but they still have very exploitable user interfaces... Like you can go to forgot password page, and have facebook send "I forgot my password" e-mails to anyone, without any confirmation - like you can go there and type john in the username and spam his e-mail. Multiple times a day...

Re:Exploits in every dimension... (0)

Anonymous Coward | more than 2 years ago | (#37866852)

well how else should it be?

I don't like that it automatically shows your profile picture if you get the email right though

ignorant hypocrites. (1)

MichaelKristopeit506 (2495010) | more than 2 years ago | (#37863490)

anything truly malicious would be designed to portray patterns that would suggest it wasn't malicious.

Re:ignorant hypocrites. (1)

Anonymous Coward | more than 2 years ago | (#37863580)

unless it was deliberately not portraying patterns that would suggest it wasn't malicious so that you would think it wasn't.

Re:ignorant hypocrites. (1)

MichaelKristopeit506 (2495010) | more than 2 years ago | (#37864084)

you're an idiot.

Re:ignorant hypocrites. (0)

Anonymous Coward | more than 2 years ago | (#37864088)

no u.

Re:ignorant hypocrites. (1)

MichaelKristopeit506 (2495010) | more than 2 years ago | (#37864372)

no ur mum's face. cower in my shadow some more, feeb.

you're completely pathetic.

Re:ignorant hypocrites. (0)

Anonymous Coward | more than 2 years ago | (#37864522)

you're completely predictable.

Re:ignorant hypocrites. (1)

MichaelKristopeit506 (2495010) | more than 2 years ago | (#37864630)

ur mum's face're completely predictable.

why do you cower in my shadow? what are you afraid of?

you're completely pathetic.

Re:ignorant hypocrites. (0)

Anonymous Coward | more than 2 years ago | (#37864934)

ur tiny penis is pathetic. why do you cower in the shadow of my giant cock?

are you afraid it will make you look like the goatse guy? don't worry I have a whole bottle of KY.

Re:ignorant hypocrites. (1)

MichaelKristopeit350 (1968134) | more than 2 years ago | (#37869146)

i do not cower in the shadow of anything.

you're an ignorant hypocrite.

cower in my shadow some more, feeb.

you're completely pathetic.

It prevents me from finding Beta Testers (4, Informative)

MichaelCrawford (610140) | more than 2 years ago | (#37863706)

From time to time I would post a link to the Beta Testing [dulcineatech.com] announcement for my iOS App. After a while Facebook would not allow me to post the link anymore, claiming that it was abusive.

A friend of mine who uses Facebook quite a lot had to sign up for a second account because her first account kept getting censored. She was not doing anything the least bit abusive, just using Facebook a lot to keep in touch with her friends.

Re:It prevents me from finding Beta Testers (0)

Anonymous Coward | more than 2 years ago | (#37863770)

A friend of mine who uses Facebook quite a lot had to sign up for a second account because her first account kept getting censored. She was not doing anything the least bit abusive, just using Facebook a lot to keep in touch with her friends.

Ah, actually using Facebook beneficially instead of just posting random things and clicking on advertising -- I bet she even refused to rat-out her friend's physical location. Tisk tisk, you and I both know that's not how Facebook wants to be used... No wonder she got b&.

Re:It prevents me from finding Beta Testers (1)

wmbetts (1306001) | more than 2 years ago | (#37864524)

I recently started a fan page for WoW's new expansion pack and I'm building a new community around it. I hadn't used facebook previously to this, but figured it was a good way to build a user base before I actually got the site launched. I'd recommend you doing the same thing for your iOS app. They seem to be a little more liberal in regards to posting your site's link to the fan page.

Re:It prevents me from finding Beta Testers (4, Informative)

GWBasic (900357) | more than 2 years ago | (#37865388)

You can mark posts from other people as abusive. Perhaps your friend needed to unfriend someone who didn't like what she had to say?

Correction... (1)

msauve (701917) | more than 2 years ago | (#37863778)

"FIS scans every click on Facebook for patterns that could suggest something malicious is spreading across the social network."

Let me fix that: FIS scans every click on Facebook for patterns that could collect more personal information about users which might add to revenue.

Investigation: Facebook still doesn't get it (2)

tomhudson (43916) | more than 2 years ago | (#37864138)

In a one-hour look at Facebook and privacy, CBC's Doczone [www.cbc.ca] identified Facebook as the world's #1 site for scammers and other illegal activity.

Facebook Follies is a one-hour documentary that takes a look at the unexpected consequences of people sharing their personal information on social media. Viewers meet people who lost their jobs, their marriages, their dignity, or who even ended up in jail - all because of their own or someone else's Facebook posting. To give a broader context to the events, these stories are intercut with reflections from experts in the areas of social change, internet security and contemporary media.

If you missed it, it's also on again tomorrow night.

Other interesting points - researchers made an account for a plastic frog, and invited a couple of hundred random people to friend it - most did, sharing their contacts, personal info, etc., with a PLASTIC FROG! And they really do nail what facebook really is
For users - a large MMORPG where the object is to collect as many friends as possible
For facebook - a way of getting people to give it up to advertisers.

Re:Investigation: Facebook still doesn't get it (2)

Amorymeltzer (1213818) | more than 2 years ago | (#37865220)

This reminds me of the (semi) recent story [slashdot.org] about how CraigsList is a "cesspool of crime" and, more specifically, CL's response [craigslist.org] .

AIM group “documents” 330 crimes that it says occurred in connection with use of CL in the US over a 12 month period. Sounds scary until you compare that number to the 570 million classified ads posted by 100 million or more US craigslist users during that same time span, generating literally BILLIONS of human interactions, many involving face-to-face meetings between users who do not know one another...[snip]

James Temple at the SF Chronicle is reporting that, in terms of crime rate, or incidence of crime, craigslist is roughly 11,000 times safer than the city of Oakland. And as he has now updated, there is no reason to pick on his hometown of Oakland, the 11,000x incidence ratio would likely apply to any major city in the US.

Sure, some stinkers get through and sure, a lot of bad things happen on Facebook, but given 25 billion actions a day, an immensely low rate of incidence will give a very high number of incidents. Roswell, NM [wikipedia.org] has a much higher murder rate than New York City [wikipedia.org] (even after accounting for aliens, I hear) but we don't talk about all the murder in New Mexico.

Re:Investigation: Facebook still doesn't get it (1)

tomhudson (43916) | more than 2 years ago | (#37870042)

It's not the number of interactions that counts - it's the number of people affected. We can fake the same stats by claiming air travel is safer by looking at accidents per passenger-mile, as opposed to accidents per passenger-hour. By passenger-hour, buses are 3x safer than airplanes.

Even on a per-passenger-mile basis, because superhighways are 4x safer per mile than the average car journey, you're half as likely to be killed in a highway crash than in an airplane crash on a per-hour basis.

And if you took airplanes for all those short trips (less than 100km) that you take a car, you'd be exposed to many more hours in the "fatality zone" - landings and take-offs - so your deaths per km would also be worse for air travel than for a car on the highway.

So, just because facebook has a low "per transaction" incidence doesn't mean that it's not the #1 place to get scammed, because the number of transactions increases your risk to more than make up for the lower per-transaction risk.

Re:Investigation: Facebook still doesn't get it (1)

DragonWriter (970822) | more than 2 years ago | (#37871526)

It's not the number of interactions that counts - it's the number of people affected. We can fake the same stats by claiming air travel is safer by looking at accidents per passenger-mile, as opposed to accidents per passenger-hour.

Uh, how is using the actually relevant statistics "faking" anything?

By passenger-hour, buses are 3x safer than airplanes.

Which would only be a meaningful comparison if people made travel mode decisions with a fixed travel time in mind, rather than a fixed destination in mind.

So, yeah, if your concern is "which is the safer mode of transportation for a voyage with an embarked time of 1 hour", that has some meaning.

But usually travel mode decisions are made with origin and destination fixed, not embarked time fixed.

Re:Investigation: Facebook still doesn't get it (1)

tomhudson (43916) | more than 2 years ago | (#37871902)

The point was that the airline industry has falsely claimed that air travel is the safest, when bus travel is safer, both by hours and by distance. So their claims are false no matter which way you slice them.

Add to that the fact that buses are MUCH more energy-efficient in terms of person-mile. And that the "air travel is safer" also ignores the trips to and from the airport as part of the overall package.

It's like claiming that space shuttles are the safest form of travel because they have fewer deaths per passenger mile - no matter that they're WAY more dangerous than #2 - motorcycles - in terms of users killed per trip.

Re:Investigation: Facebook still doesn't get it (1)

DragonWriter (970822) | more than 2 years ago | (#37872372)

The point was that the airline industry has falsely claimed that air travel is the safest, when bus travel is safer, both by hours and by distance.

The only comparison you refer to in GGPper mile favors airplanes, (you do refer to automobiles -- which are different than buses -- being safer than airplanes per mile if you include only those miles travelled on superhighways.)

Add to that the fact that buses are MUCH more energy-efficient in terms of person-mile.

That's a non-sequitur when the issue is passenger safety.

And that the "air travel is safer" also ignores the trips to and from the airport as part of the overall package.

This is relevant, somewhat, but also offset by the fact that per mile comparisons need to be adjusted to account for the fact that the road miles between two points are generally greater than the air miles, since airplanes can take great circle routes, but roads rarely do.

It's like claiming that space shuttles are the safest form of travel because they have fewer deaths per passenger mile - no matter that they're WAY more dangerous than #2 - motorcycles - in terms of users killed per trip.

Well, it's really not. People often make a decision between different modes of travel for a trip with fixed endpoints where bus and airplane might be valid options, and where the safety of each given a trip of fixed distance would be a concern.

People rarely make decisions where the alternatives are an average (or random) space shuttle trip and an average (or random) motorcycle trip, such that per-trip comparisons of the safety of a space shuttle flight and a motorcycle would be relevant.

Comparisons between things that aren't substitutes for each other, or that don't hold the thing constant that would be constant when they are alternatives to each other are meaningless.

Re:Investigation: Facebook still doesn't get it (1)

tomhudson (43916) | more than 2 years ago | (#37872606)

First, wth is GGPper mile? And no, both buses (all scenarios combined) and cars (on superhighways) have fewer fatalities per mile traveled than airplanes.

The energy savings of the bus (and cars with more than one passenger) are not a non-sequitur - they're a bonus.

Throw in that the airliners are also making the air much more visibly dirty over a global scale (compare how clean the air was despite increased ground traffic right after 9/11) and air travel just sucks, even without the TSA.

For negative economic impact, look no further than the serial bankruptcies of all the airlines, despite heavy subsidies and passing off other costs as externalities.

Now throw in their refusal to accept the #1 recommendation, decades old, for making crashes more survivable - having seats face rearwards - because of "style" considerations.

You really are safer doing a road trip than taking the plane - and you're better for the environment as well.

We're not tracking you... (1)

VJmes (2449518) | more than 2 years ago | (#37864146)

It's just our Facebook Immunity System making sure you're safe. Honest!

Number too low!!1! (0)

Anonymous Coward | more than 2 years ago | (#37864576)

24 hours * 60 minutes * 60 seconds = 86,400 seconds
25,000,000,000 actions / 86,400 seconds = 289,352 actions/second

If my calculations are correct, it's actually 7.62 billion actions per second.

Keeps us safe from spam? (1)

93 Escort Wagon (326346) | more than 2 years ago | (#37864954)

They must have a different definition of spam than I do. Whenever I log into Facebook, I see ads over on the right side trumpeting "overstock iPad 2s available for 90% off" and various other similar and obviously bogus offerings.

Re:Keeps us safe from spam? (1)

Neil Boekend (1854906) | more than 2 years ago | (#37867122)

That's spam that pays. They only look for spam that doesn't pay.

Fake ass security (0)

Anonymous Coward | more than 2 years ago | (#37866172)

Their so called security locked me out of my account because I logged in while on vacation in Romania. They also demanded I email them a copy of a government issued ID to prove my identity. I told them they could go fuck themselves I was not going to send them a copy of my ID so they deleted my account.

Re:Fake ass security (0)

Anonymous Coward | more than 2 years ago | (#37866928)

romania is notorious for bad users on website... that's just the way it is

One big hole (0)

Anonymous Coward | more than 2 years ago | (#37866288)

Now only if they could get it to do something about all those data miners, such as the cancer of Facebook and its like button...

Oxymoron alert! (1)

rts008 (812749) | more than 2 years ago | (#37866342)

Facebook and ANY kind of security mentioned in the same sentence?
Who are you trying to fool, but the fools?

If you expect 'cyber-security' (or ANY security) on Facebook, you need to be beaten past death with a clue bat. Chlorine in the gene pool....

If only... (1)

I Read Good (2348294) | more than 2 years ago | (#37869664)

they would do something about the simple things as well. I've heard/read loads about their session hijacking problems (e.g. Firesheep). I was under the impression they didn't even have a security system/team.

Eh?! (1)

snowshell (2495332) | more than 2 years ago | (#37877374)

OMG, people actually use face-book? There was me silently thinking Google Plus + was the new hip and in thing. Social networking, it couldn't be more anti-social, have any of these people heard of Alexander Bell and a thing he invented called a Phone!

this doesn't comfort me - (0)

Anonymous Coward | more than 2 years ago | (#37879906)

now i'm more worried about these idiots

We heard of it all before (1)

wye43 (769759) | more than 2 years ago | (#37906378)

The data is analyzed in real-time in a field of exabytes and we need a magnetron to bring it down. Psssht