Facebook Security: Fighting the Good Fight

Most people use the internet without being aware of the constant threat of hackers, spammers, and phishers. Due to the nature of the internet, and the nature of malicious software, most websites will at some point need to deal with patching a security hole. All good websites take these issues very seriously, since no one wants users to suffer. At Facebook, where people keep so much of their lives and information, we've built an amazing security team solely focused on making sure our users have a safe experience on the site.

The security team at Facebook is dedicated to investigating and auditing our own code for holes, as well as reaching out to people in an extended community to let us know if we've missed anything. If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible. In fact, we appreciate it when help comes our way from the many security experts and organizations out there. That's why many of us are attending DEFCON this weekend. DEFCON is one of the largest and oldest running hacker conventions, held in Vegas. By going and learning from other people in the online security space, we make keeping people safe online a joint effort.

Even now, as we prepare to leave for DEFCON, we spent most of last night working on a fix for a worm that was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected; we notified all of them and suggested steps to remove the malware.

As a Facebook user you can help us protect you by doing the following things:
  • Report any spam message or posting you see. The more reports we get, the easier it is for us to respond decisively.

  • Never share your Facebook password with anyone. Never. No Facebook employee will ever ask for it, and no one else should know it. If you are ever prompted to log in to Facebook, make sure it's from a legitimate Facebook web address. If something looks or feels off, go directly to www.facebook.com to log in.

  • If your Windows PC or Mac is ever infected with malware or a virus, check out these helpful sites: http://www.microsoft.com/security/default.mspx or http://support.apple.com/kb/HT1222

  • Finally, just as in your offline community, be aware of your surroundings in your online community. If a user doesn't seem right, or says or posts something that you feel is threatening or inappropriate, report it to us.


We work hard to keep Facebook as safe as we can. The security team is always happy when we see spammers complain that it is too hard to make a profit from Facebook. We're also happy when we hear from our users that they consider us a safer place to be online.



Max Kelly is Head of Security at Facebook and hopes that if you are attending DEFCON, you will find him (or someone else from the Facebook team) and say hey.
