I thought this WSJ article was a good example of the importance of maintaining carefully thought-out architectural control points (ACPs).
In brief, the article describes an internal Facebook investigation to address a breach of privacy issue in which third-party application developers were sending users' Facebook ID numbers to marketing and data firms.
While Facebook had previously addressed this control point through a governance mechanism (sending out Facebook ID numbers is a violation of Facebook policy), they obviously did not enforce the policy through technology.
In yet another instance of FB's cavalier approach to controlling acsess to sensitive information, they quietly acknowledged that their failure to encrypt log-in info caused major security issues for users who were accessing FB through unsecured wi-fi,i.e., any public access point like a coffee shop. All while promoting FB partnerships with mobile devices. I'm not sure which surprises me more: their attitude or that their isn't a bigger uproar which causes them to act.
ReplyDeleteValleywag post: http://gawker.com/5680843/facebook-drags-its-heels-on-your-security?skyline=true&s=i