Facebook (and a number of other platforms in the Social Networking revolution) enables great minds to do great things. Many of us uses these services on a regular basis (daily, hourly, or even every moment of the waking hours).
I for one is a huge fan of networking, and using networking sites enables me to communicate and stay in touch with old and new contacts easily. On the other hand, I recognize the security challenges – namely the ID-theft and the social engineering (SE) possibilities that is enabled through such services.
One of the messages I try to convey in speeches and trainings is the threat that Facebook Apps may be. Granting an application access to your profile, automatically enables that application to harvest a huge amount of data about you and your friends. Now, most applications are "for real" – thus doing only the thing it claims to do. Still, imagine a business manager sitting on 10s of thousands of users and their data, in need for money. It would be extremely easy to use the data already harvested, as well as rewrite the application to be more aggressive in it's harvesting.
The other scenario is malicious apps appearing cool and fun and a "must have". These apps would offer you a service (chocolate) as a killer app – something you just have to have. And you would invite all your friends to use it too. By offering the coolest, it will become popular, and thus the road is open to harvest and use information. Information that you normally only would share with friends only.
In enters the Social Engineer. Uses the information about you, collates it with other info shared on other sites, creating a complete profile of you, your interests, your family, friends, co-workers, neighbors and so forth.
Perhaps one day he bumps in to you at the local mall. Or calls you because "someone said that you could be interested in …"
Having a complete profile of you, he (she) would know all the answers, and thrill you into doing anything. Given enough time, and a valuable target, there are no limits to what can be achieved.
Given this outlook – perhaps it is best to continue as before – in ignorance. Hoping that "it will never happen to me".
I gotta run.
Just got this incredible, almost unbelievable, opportunity! This complete stranger called me out of nowhere!
See you in a bit!