So the tech newswires, blogs, and Facebook itself are alive with the horror that is the current “virus” going around – hijacking users news feeds and filling them with scenes of gore, porn, and other such.  You can’t help but wonder how different it is to some of the stuff users actively want to share themselves, but hey ho……

Anyhow, I came upon this about 2 days ago and pondered the situation – then remembered a proud announcement from a security vendor back in September at a security seminar in London.  This was followed up with some news announcements in a whole host of places including the BBC, the vendor’s community blog, and also offered to end user organisations to protect their web reputation under the brand Defensio

Straight away, you then have to ask yourself – why wasn’t it protected by their wonderful service?  In true SNAFU style, both Facebook and the vendor (ok, I’ll name them – Websense!) had been very quiet on this matter.  Maybe they are considering their response?  Maybe they are still looking into the root cause?  Either way, when Sophos seems to announce what is going on before them – with some suggestions that their software had alerted users to the problem – it isn’t too good.

But wait you say, don’t bash the poor vendor.  In fact, its not Facebook’s fault either – surely?  In information security, we are always banging on about how the biggest risk is users.  Surely, if they are stupid enough to click on these links, then they are the ones responsible – not the service provider and/or the security partner?

Well actually, you could argue that they both are.  Facebook’s entire business is built around social networking, having users share information, interests, then using that to specifically target marketing to them and ultimately “sell stuff”.  Furthermore, when your security partner makes statements such as “In this way, we are helping Facebook continue their proactive fight to keep malicious links off of their platform and allow safe use for all of its members.” then they can’t be absolved of blame – especially when the majority of the press is referring to a “link spam” issue

As is often the case with these things, there was some awareness of this kind of issue – as reiterated by Zscaler in a recent blog post.  If they were making this kind of thing public back in May then you have to ask why this wasn’t taken account of recently.  Irrespective, now that Anonymous do not appear to be the culprits (according to Bitdefender – or at least, so say the register) then the full force of the law and face book’s wrath may be directed elsewhere.

In the meantime, you’re not wearing anything Emperor Facebook!