Feeds

Undead deleted photos linger on social networking websites

We're coming to embarrass you, Barbara!

Combat fraud and increase customer satisfaction

That embarrassing party shot of you and that hot dog may still come back to haunt you - photos posted on social networking websites can often be easily viewed even after users attempt to delete them, according to a study by security researchers at the University of Cambridge.

Researchers posted photos on 16 social networking and Web 2.0 websites, keeping a careful record of the URL associated with the photos, before deleting the images. Even after this supposed deletion the researchers were able to find the photos on seven of the 16 websites a month later, simply by visiting the web location associated with the image.

The problem arises because sites often fail to remove image files from their photo servers after they are deleted from the main website.

Photo-sharing sites such as Flickr and Google's Picasa, as well as Microsoft's Windows Live Spaces, removed content from its servers upon deletion. But photos posted on sites including Facebook lingered in caches, even after images were removed from a user's profile. Other offenders include MySpace and Bebo.

A summary of the study - entitled Attack of the Zombie Photos - can be found here.

Joseph Bonneau, one of the PhD students involved in the study, criticised a "lazy approach" to user privacy by some social networking websites, which could be in violation of data protection rules banning the retention of personally-identifiable data for longer than necessary.

However, a spokesman for Facebook said that the site does delete photos from its systems once users remove them from their profile, claiming that images were only available because they were cached elsewhere.

A Facebook spokesman told the BBC: "URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a short period of time."

The issue, much like the easy availability of supposedly deleted posts to micro-blogging website Twitter, serves as a further wakeup call to Web 2.0 fans that information posted onto social networking sites often isn't removed by simply deleting it. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.