Mark Dalby

India’s communications ministry has been asked by the home ministry to monitor social networking websites such as Twitter and Facebook amid fears that the services are being used by terrorists to plan attacks.

The request suggests that the Indian government is trying to broaden the scope of its online surveillance for national security.

Telecommunications service providers in India provide facilities for lawful interception and monitoring of communications on their network, including communications from social networking websites such as Facebook and Twitter, in accordance with their license agreements, Milind Deora, the minister of state for communications and IT, told Parliament, according to the country’s Press Information Bureau. But there are certain communications which are encrypted, Deora said Friday.

A security researcher has discovered a potentially major security flaw in Facebook, apparently caused by the communication package/service’s recently-launched close integration with Facebook.

According to David Vieira-Kurz of the SecAlert newswire, the Facebook integration has introduced a cross-site scripting (XSS) flaw into the Skype software, allowing the remote hijacking of a Skype session and potentially compromising a user’s system.

This is, he claims, due to a lack output sanitisation and allows a victim to be attacked even if they are not a Facebook-friend or Skype contact of the attacker. Vieira-Kurz has posted a proof-of-concept video showing how the flaw can be exploited. According to security forum reports, the problem affects the Windows version of Skype from v5.3 onwards and stems from the extension of the Facebook API to the Skype client environment.

Facebook is set to announce today a bug bounty program in which researchers will be paid for reporting security holes on the popular social-networking Web site.

Compensation, which starts at $ 500 and has no maximum set, will be paid only to researchers who follow Facebook’s Responsible Disclosure Policy and agree not to go public with the vulnerability information until Facebook has fixed the problem. “Typically, it’s no longer than a day” to fix a bug, Facebook Chief Security Officer Joe Sullivan told CNET in a conference call.

Facebook’s Whitehat page for security researchers says: “If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”

The AntiSec campaign rumbles on with a new group going under the moniker of the Script Kiddies joining in.

Pfizer, the biggest research-based pharmaceutical company in the world, had its Facebook page hacked this week. The firm was not forthcoming on how the hack took place but a group known as the Script Kiddies has taken credit for the hit.

“We have been working with Facebook to understand what happened so we can guard against it in the future,” Pfizer said on its recovered Facebook page. “Thank you for your patience while our page has been down, and we are pleased to be sharing our news with you once more.”