Monthly Archives: May 2013

‘Trusted Contact’ – Facebook’s recovery feature

Facebook rolled out a new security feature on Thursday that lets users locked out of their accounts recover their passwords with the help of trusted friends. The optional enhancement, dubbed “Trusted Contacts,” lets a Facebook user select up to five friends to receive security codes if the user cannot login to his or her account. Should a lockout arise, Facebook will send the security codes to the friends the user has selected. These keyholders can then pass along the codes to the user. “Think of it like giving your house key to a friend when you go on vacation – pick the friends you trust the most,” Facebook said. “Facebook will send codes to the friends you selected and they can pass along that information you need to access your account.” The new feature would also help in situations where a user can’t remember his or her password, and can’t get into the email address where a recovery message would typically be sent. <more>

Java hole puts IBM Lotus Notes @ risk

Highly popular enterprise email and workgroup solution IBM Notes/Domino has a huge security vulnerability that allows for installation of spyware on a client system by doing as little as opening an email. The culprit behind the vulnerability is Java again – automatic execution of JavaScript code to be more specific. As seen in the case of web pages over the last few months automatic JavaScript execution leads to compromise of systems, users who have email clients installed on systems that allow for automatic execution too are vulnerable. This is the reason almost all email clients out there have turned off JavaScript and Java when displaying an HTML email – except for IBM’s Notes. However, IBM has released advisory for this issue. <more>