Has Facebook sent you an email about its data use policy?
Don't feel too special - they sent it to an awful lot of people.
Here's what you probably received, in an email entitled "Updates to Data Use Policy and Statement of Rights and Responsibilities":

In case you're still unsure - that is genuinely an email from Facebook.
Yes, Facebook has just given its one billion (and counting...) users seven days to comment on a change it is making to its data use policies.
That's correct. You've only got until November 28th if you wish to respond. I'm sure that the fact Facebook has chosen to do this across a major US holiday is purely an unfortunate coincidence rather than a deliberate timing decision.
One of the planned changes concerns how Facebook handles future revisions to the data use policy itself (the document that explains how the site collects and uses data about you): it wants to drop user voting in favour of requesting feedback in the form of comments from users.
Additionally, as The Telegraph explains, the proposed new data use policy would allow Facebook to use data "from our affiliates or our advertising partners... to tell us information about you" and "improve the quality of ads."

In all likelihood, this is part of Facebook's plan to build up a more precise picture of its users so that it can target advertisements better, using data not only from its own site but also from recently acquired companies such as Instagram.
Some people are so used to being bombarded with bogus and malicious emails claiming to come from the likes of Facebook, LinkedIn and Twitter that they don't believe the legitimate communications they receive any more.
It's unfortunate that this latest legitimate email from Facebook, which is being sent to over a billion email accounts around the globe, has caught some social networking users off guard.
In fact, Naked Security has received queries from readers who are worried that the email could be a phishing attack, or an attempt to infect their computers with malware.
Take this example from "Laura" (we've obscured some details to protect her identity):

Not sure what I'm reporting but myself and loads of others on FB have received emails from FB about "Data use policy"
I never opened mine but deleted it.
Is it a scam or a virus?
Have you received other complaints about it?
I see below you want URL etc, but a bit nervous to open the link to copy for you
Laura, although it would be perfectly possible for a malicious hacker to spam out a message pretending to be from Facebook, and even to ape its wording, look and feel, and so on, I suspect that you've received the real thing. You were right to be wary of clicking links in an unexpected email, though: if you want to check, go to Facebook by typing its address into your browser rather than by following any link in the message.
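The check Laura was nervous to do by hand can be automated, at least for the links. The following Python script is an added example written for this page, not code from Naked Security or from Facebook: it parses a raw message with the standard library, lists every link in the HTML body, and flags any whose host is not facebook.com or a subdomain of it, as well as a From: address outside that domain. The trusted-domain list and the two sample messages are constructed assumptions for illustration, not real Facebook mail.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains we are prepared to treat as Facebook's own. This is
# an illustrative list, not an authoritative list of Facebook sending domains.
TRUSTED_DOMAINS = ("facebook.com",)


def _domain_is_trusted(host, trusted):
    """True only if host equals a trusted domain or is a subdomain of one.

    The suffix check rejects look-alikes such as facebook.com.example.net,
    which merely start with a trusted name.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def host_is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the URL's host is trusted.

    urlparse().hostname discards any user-info prefix, so a URL such as
    http://www.facebook.com@evil.example/ resolves to host 'evil.example'.
    """
    return _domain_is_trusted(urlparse(url).hostname or "", trusted)


class _LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def analyse(raw_message, trusted=TRUSTED_DOMAINS):
    """Return the From: domain, the links found, and a list of findings."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []

    from_header = msg["From"]
    from_domain = ""
    if from_header is not None and from_header.addresses:
        from_domain = from_header.addresses[0].domain.lower()
    if not _domain_is_trusted(from_domain, trusted):
        findings.append(f"From: address is on untrusted domain {from_domain!r}")

    collector = _LinkCollector()
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector.feed(body.get_content())

    for text, href in collector.links:
        if not host_is_trusted(href, trusted):
            note = f"link to untrusted host: {href!r}"
            # Visible text that reads as a trusted URL but points elsewhere
            if text.startswith(("http://", "https://")) and host_is_trusted(text, trusted):
                note += f" disguised as {text!r}"
            findings.append(note)

    return {"from_domain": from_domain, "links": collector.links, "findings": findings}


# Constructed sample messages (not real Facebook mail), for illustration only.
LEGIT_EMAIL = b"""From: Facebook <notification@facebook.com>
To: laura@example.com
Subject: Updates to Data Use Policy and Statement of Rights and Responsibilities
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We are proposing updates to our Data Use Policy.</p>
<p><a href="https://www.facebook.com/">Review the proposed changes</a></p>
</body></html>
"""

PHISH_EMAIL = b"""From: Facebook Security <security@facebook.com.example.net>
To: laura@example.com
Subject: Updates to Data Use Policy
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Confirm your account to keep using Facebook.</p>
<p><a href="http://facebook.com.example.net/login">https://www.facebook.com/</a></p>
</body></html>
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_EMAIL), ("phish", PHISH_EMAIL)):
        report = analyse(raw)
        print(label, report["from_domain"], report["findings"] or "no findings")
```

Note what this does and does not prove. A message with no findings is merely consistent with being genuine: the From: header is trivially forgeable and the script makes no attempt to verify it. A message with findings deserves suspicion no matter how closely it apes Facebook's wording. The safest habit is still to reach the site by typing its address rather than by clicking a link in the message.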
If Facebook wants more users to respond with feedback on the changes to its data use policy, perhaps it should display a message as users log into the site. That would, at the very least, go some way towards reassuring them that the emails are legitimate.
And, of course, it may encourage more feedback from users regarding the changes, which is what Facebook wants, right?