Facebook Malware Goes Viral
itwbennett writes "Just a few hours after a fake CNN news report appeared on Facebook Friday, more than 60,000 users had gone to the spoofed, malware-bearing page, according to Sophos Senior Security Advisor Chester Wisniewski. Facebook didn't respond to IDG News Service's request for information on 'how widespread the problem was or whether its own security had been breached, but Wisniewski said that there are a number of ways that status updates could appear without users' knowledge.'"
Hopefully lots of stuff of value was lost (Score:5, Insightful)
Maybe that'll teach people to be more wary about random links they see.
Re:Hopefully lots of stuff of value was lost (Score:1, Insightful)
>Maybe that'll teach people to be more wary about random links they see.
And I suppose you hope lots of houses burn down too, so that people will clean the lint traps in their dryers more frequently.
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
Some people might call you a sadist, unfortunately. In my case though, I hope Slashdot will not 'force' us to use Facebook login...or whatever they call it.
This is because I do not have a Facebook account and do not intend to get one. Do not call me weird. People at work have called me names for not having a Facebook account.
Here is my reason for not having one: Having a Facebook account adds no value to me at all, save for inviting unwanted folks I have always loved to avoid into my life. Besides, I am too busy for Facebook anyway.
Re:Windows malware doesn't go viral (Score:2, Insightful)
Does a viral video not also require some action by the end-user?
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
Yes, these posts on Slashdot will wait for no man... can't these people see I'm busy?
Bad advice in article (Score:5, Insightful)
The article states, "Of course there is no such Flash update. You should always download Flash from a genuine Adobe site."
This is poor advice. I would suggest, "Flash should never be installed on anyone's computer, ever."
nebulo
Those wily fb links (Score:5, Insightful)
These apps are hell! Why not just go to the WP and read the whole article there? It's like AOL came back from the 90s, bigger and badder (content not served to you; you have to beg for it by approving each 'app', and then you just get a morsel instead of the whole content). And ppl want this?!
Fine; let em have it. I now officially support these fb malware apps — funny to watch in action, and maybe enough of them will teach people not to use these 'apps'. And booyah on the Post for succumbing to the dumbing down of content to feed the masses.
Re:Windows malware doesn't go viral (Score:5, Insightful)
>It should be pointed out that only users of Facebook and 'Adobe Flash' running on Microsoft are susceptible to this vulnerability.
Actually, it's the people in the Windows world who have been taught by the likes of Adobe and such that the normal way to install software is when you encounter a site that requires some special codec, that you install it straight away without question.
Flash itself is not the problem, it's the behavior of users who have been taught wrong in the Windows universe.
In sane environments, you look for trusted sources for software before blindly clicking on a web page. The Free Software world teaches people to look in the trusted repositories first (bsd ports system, debian packages, gentoo portage, etc) before downloading random binary code and running it willy-nilly.
--
BMO
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
So use Facebook as I use it - very carefully.
I put up a very minimal profile (Facebook may ask for a ton of information, but they require very little). Put up a neutral profile pic, and don't bother uploading any more photos.
Then accept friends with caution. There is no law saying you have to friend every real life friend on Facebook. I don't - in fact, I have probably 8-10 people on my "requesting to friend you" list. They are people I know in real life, but whom I don't really care about. No one said you have to have a million "friends" in your friend list, or accept every invitation.
I also set all the controls so my friends can't do anything like tag me or such. And I don't post my every whim/thought/status update there. Actually, I don't bother posting at all - it's just a token account I use to control my online identity. (I also don't spend more than a few minutes every few months).
There's no reason one can't have a facebook account, nor any law requiring one spend hours on the site - just set up a minimal profile, carefully choose your friends, and watch what you post (remember that everything you post online the entire world can see, regardless of privacy settings - so treat every post as a public blog post or comment on a website that everyone can see).
The real challenge though is the dancing pigs [wikipedia.org] problem, which most people on facebook seem vulnerable to.
Not a solution (Score:4, Insightful)
Why should I have to set up an account at a private website just to get a job? This is ridiculous. No matter how little info one has to divulge, why? By what right? I know that the companies doing this are stupid and I would not want to work for them under normal circumstances. But the economy is in the gutter, and sometimes you have to grab the first job coming (regardless of some jokers here claiming that "there are plenty of dev jobs out there"). Hiring has become so ridiculous lately that the government needs to step in and freaking regulate the process! Just have a standardized process. All the stupid gotcha interviews, dick measuring contests, "puzzle" bs, and now having to have a freaking facebook account are utterly ridiculous. The business has clearly shown they cannot act as adults and cannot be trusted. Government should step in and set some sensible rules.
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
>Maybe that'll teach people to be more wary about random links they see.
Not really directed at you, as such, but... When did we accept that clicking on a link is a dangerous operation? I mean, sure, there's a risk you might end up at goatse or whatnot, but are browsers and web devs really so utterly incompetent that simply fetching a page from a dubious domain counts as head-slapping user error? It's really not that long since browsing the web was fairly safe, at least to the extent that if you didn't download and run random .exes it wouldn't break your computer. Most users expect that it still is and, frankly, they're right to have that expectation.
Or, to put it another way: if the user can bork your security model just by clicking on a link, the problem is with the security model rather than with the user.
Comment removed (Score:4, Insightful)
Re:Hopefully lots of stuff of value was lost (Score:4, Insightful)
Or it's their preferred medium for contact/managing relationships. Another possibility is that it's just become an expectation - like having an email address, website, business card or fax number would have been.
I personally don't like this. Facebook for me is a personal thing, not something I'd like to use for business. If they ask for Facebook, I'd have to ask why? If it's for contact, then use email, phone or LinkedIn, or smoke signals for all I care. They may just as well be asking for my girlfriend's mobile number.