by Dave Michmerhuizen, Security Researcher
Facebook is immensely successful. It is estimated that nearly 40% of the population of the United States has a Facebook account and that more people visit Facebook than visit Google.
However, many organizations consider Facebook to be both a distraction and a security risk. While it has been very common for Web filtering solutions to block all access to Facebook, many organizations are realizing the need to safely allow access, at least to some degree.
As you might expect, enthusiastic Facebook users aren’t very happy with being kept from their favorite website, even during work or school hours. Some of the more popular searches on Google are for “access facebook” and “unblock facebook.” These searches return lists of Facebook proxy sites.
Proxy software serves as an intermediary for internet traffic. To use a proxy to ‘unblock’ Facebook, users direct their web browsers to send requests to the proxy. The proxy performs the request and sends the results back to the web browser. Since the users do not deal directly with Facebook, blocking Facebook has no effect.
The sites that are returned by searching for “unblock Facebook” usually wrap proxy software with a Facebook-specific web user interface, offering themselves as web proxies so that frustrated Facebook users can sneak around the firewall and make that all important status post.
Here’s an example, the home page of accessexists.com
The links work fairly well, allowing you to log in to Facebook and use most functions seamlessly.
The problem with using one of these so-called Facebook proxy sites is you don’t know who’s running it, where there are located, or what might be done with your user name and password. Consider what network traffic gets sent in the clear when you use the proxy to log on to Facebook.
In this case our username and password are part of a POST transaction that is sent. Where is it being sent? WHOIS shows us that accessexists.com is owned by someone named Vladimir in Russia.
Vlaidmir is saving usernames and passwords, because after a day or so they get around to asking for money.
An unsophisticated user might see this as an immediate solution to an unfair problem, but it carries a great deal of risk. Valid Facebook usernames and passwords are sold to scammers on underground markets for a variety of purposes. One of the most common ones is simply sending spam messages to everyone on your friends list. Another is to use your account to carry out a variant of the Grandmother scam.
Trusting your Facebook username and password to an unknown third party is simply not worth the headaches it can cause.
Barracuda Networks customers using Barracuda Web Filters can restrict access to Facebook within the organization and can also block access to web proxy sites.