Facebook Malware Goes Viral
itwbennett writes "Just a few hours after a fake CNN news report appeared on Facebook Friday, more than 60,000 users had gone to the spoofed, malware-bearing page according to Sophos Senior Security Advisor Chester Wisniewski. Facebook didn't respond to IDG News Service's request for information on 'how widespread the problem was or whether its own security had been breached, but Wisniewski said that there are a number of ways that status updates could appear without users' knowledge.'"
Hopefully lots of stuff of value was lost (Score:5, Insightful)
Maybe that'll teach people to be more wary about random links they see.
Re: (Score:1, Insightful)
Maybe that'll teach people to be more wary about random links they see.
And I suppose you hope lots of houses burn down too, so that people will clean the lint traps in their dryers more frequently.
Re: (Score:2)
More to the point, having your gun loaded while cleaning is like trying to change the fan belt while the car is running...
Re:Hopefully lots of stuff of value was lost (Score:5, Funny)
I have a bridge for sale in Brooklyn that they might be interested in. Cheap.
Re: (Score:1)
Isn't it odd that sending emails is free, yet wire-transfers cost a fee? I think email communications are more processor intensive than the latter. Tally Ho Old Chaps!
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
Some people might call you a sadist, unfortunately. In my case though, I hope Slashdot will not 'force' us to use Facebook login...or whatever they call it.
This is because I do not have a Facebook account and do not intend to get one. Do not call me weird. People at work have called me names for not having a Facebook account.
Here is my reason for not having one: Having a Facebook account adds no value to me at all, save for inviting unwanted folks I have always loved to avoid into my life. Besides, I am too busy for Facebook anyway.
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
Yes, these posts on Slashdot will wait for no man... can't these people see I'm busy?
Re:Hopefully lots of stuff of value was lost (Score:5, Interesting)
When I was in the job market, I lost potential jobs for not having a FB account.
With the fact that there is concern about deleted stuff not really being deleted, people searching profiles for anything (where a bad joke reposted can get someone flagged as a racist or gun nut for 7 years), using FB as a communication tool for anything other than the latest cat meme is out of the question.
I sometimes wonder about someone coming up with a paid membership site (so the subscribers are the true customers) for social networking where only the parties involved (and possibly LEOs) are the only ones privy to information posted and shared. Combine that, plus having data erased after a forensically apt period of time (30 days after it was deleted by the user), and this would be an actually useful service.
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
So use Facebook as I use it - very carefully.
I put up a very minimal profile (Facebook may ask for a ton of information, but they require very little). Put up a neutral profile pic, and don't bother uploading any more photos.
Then accept friends with caution. There is no law saying you have to friend every real life friend on Facebook. I don't - in fact, I have probably 8-10 people on my "requesting to friend you" list. They are people I know in real life, but about whom I don't really care. No one said you have to have a million "friends" in your friend list, or accept every invitation.
I also set all the controls so my friends can't do anything like tag me or such. And I don't post my every whim/thought/status update there. Actually, I don't bother posting at all - it's just a token account I use to control my online identity. (I also don't spend more than a few minutes every few months).
There's no reason one can't have a facebook account, nor any law requiring one spend hours on the site - just set up a minimal profile, carefully choose your friends, and watch what you post (remember that everything you post online the entire world can see, regardless of privacy settings - so treat every post as a public blog post or comment on a website that everyone can see).
The real challenge though is the dancing pigs [wikipedia.org] problem, which most people on facebook seem vulnerable to.
Not a solution (Score:4, Insightful)
Why should I have to set up an account at a private website just to get a job? This is ridiculous. No matter how little info one has to divulge, why? By what right? I know that the companies doing this are stupid and I would not want to work for them under normal circumstances. But the economy is in the gutter, and sometimes you have to grab the first job coming (regardless of some jokers here claiming that "there are plenty of dev jobs out there"). Hiring has become so ridiculous lately that the government needs to step in and freaking regulate the process! Just have a standardized process. All the stupid gotcha interviews, dick measuring contests, "puzzle" bs, and now having to have a freaking facebook account are utterly ridiculous. The business has clearly shown they cannot act as adults and cannot be trusted. Government should step in and set some sensible rules.
Re: (Score:2)
Hiring has become so ridiculous lately that the government needs to step in and freaking regulate the process! Just have a standardized process.
Sure. Let the government choose who they hire. So long as the government then shells out the money to pay your wages, too.
Re: (Score:2)
Because in this economy, there are more than a few companies that will completely dismiss you for missing one or two trivial things. There's a hundred people lined up at the doorway to replace you.
Re: (Score:3)
The problem comes with the phenomenon of "tagging" where if someone ELSE who has above-mentioned sharpie pictures of you can post them, tag YOU, and then they end up on YOUR page.
Like I said, welcome to 2012.
Re: (Score:3)
Unless of course you set your settings to not allow tagging or just simply remove the unwanted tags. Or you could even request that the owner take down the photo if it's so embarrassing, and assuming they're not an adolescent they'd probably do it.
The hatred for Facebook here on Slashdot is really quite absurd, and not just a little ironic as well, given that people here usually criticize others for not understanding technology.
You can set the privacy settings how you want, sure they have defaulted to publi
Re: (Score:2)
Unless of course you set your settings to not allow tagging or just simply remove the unwanted tags. Or you could even request that the owner take down the photo if it's so embarrassing, and assuming they're not an adolescent they'd probably do it.
If you don't have a Facebook account, how are you supposed to disallow tagging of yourself in Facebook photos?
Re: (Score:2)
If you don't have a Facebook account how can you be "tagged"?
Re: (Score:2)
I also set all the controls so my friends can't do anything like tag me or such. And I don't post my every whim/thought/status update there. Actually, I don't bother posting at all - it's just a token account I use to control my online identity. (I also don't spend more than a few minutes every few months).
Another thing you might want to do, besides restricting all information to "self" as opposed to "friends" or "public", is to enter false information. I call this my "fakebook" data, and was surprised (when facebook reset its privacy rules like they do occasionally) when I got tons of "happy birthday" wall postings (and subsequent notification spam) on some random date (which is what I falsely entered in facebook).
However, ultimately, this is not the problem. Zuckerberg and many others know that the real
Re:Hopefully lots of stuff of value was lost (Score:5, Interesting)
If you lost potential jobs by not having a facebook account, then you did not want to work there anyway. They just wanted you to do their research for them by divulging every detail of your life on facebook so they could go through it and nitpick every little comment and picture in your account.
Re:Hopefully lots of stuff of value was lost (Score:4, Insightful)
Or it's their preferred medium for contact/managing relationships. Another possibility is that it's just become an expectation - like having an email address, website, business card or fax number would have been.
I personally don't like this. Facebook for me is a personal thing, not something I'd like to use for business. If they ask for Facebook, I'd have to ask why? If it's for contact, then use email, phone or LinkedIn, or smoke signals for all I care. They may just as well be asking for my girlfriend's mobile number.
Re: (Score:2)
That was my whole point; they want to use it to analyze your life. It's basically a gold mine of information regarding your potential hire. However filtering out people completely who don't have it is lazy. Not everyone wants to broadcast their life online, and it makes little sense to force them to just to save yourself some time. Facebook is not the only way to find information on potential hires.
I will never agree with a filter based on whether or not someone has Facebook or not.
Re: (Score:2)
Seriously what kind of job or company would require having an FB account, even if only for an interview? Not everyone has one and an employer would have to either be idiotic to not know this or be 13 years old. People avoid FB on purpose.
Re: (Score:1)
To be more precise, you *imagine* that having a FB account adds no value to you at all. You ran a quick simulation in your head in which the experience felt awful and without value, and you decided that such would be the reality if you were on FB.
But humans are notoriously bad about mentally simulating the future in order to find out how they'd feel, for nontrivial things. (Lots of good research on that one.) So if lots of your friends and peers tell you the experience is not bad, there's a good chance you'
Re: (Score:2)
> ...for nontrivial things.
But we're talking about Facebook.
Re: (Score:1)
Well, people don't even on sites that claim to be "superior" sites like Slashdot. This is why the Goatse trolls are still in business and have massive lemon parties every week.
Re:Hopefully lots of stuff of value was lost (Score:5, Insightful)
Maybe that'll teach people to be more wary about random links they see.
Not really directed at you, as such, but... When did we accept that clicking on a link is a dangerous operation? I mean, sure, there's a risk you might end up at goatse or whatnot, but are browsers and web devs really so utterly incompetent that simply fetching a page from a dubious domain counts as head-slapping user error? It's really not that long since browsing the web was fairly safe, at least to the extent that if you didn't download and run random .exes it wouldn't break your computer. Most users expect that it still is and, frankly, they're right to have that expectation.
Or, to put it another way: if the user can bork your security model just by clicking on a link, the problem is with the security model rather than with the user.
Re: (Score:3)
I have seen parts of the internet where normal eye bleach wouldn't have helped anymore, but if we couldn't just go out and explore, the web wouldn't be the same anymore.
Of course once users carelessly click through the warnings, it's ti
Re: (Score:2)
I use Adblock Plus.
||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net
||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net
||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net
||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com
Nothing else on the web can even tell that Facebook's servers exist, unless I write it an exception. Grooveshark even pops up a little message to warn me of this.
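An added example (not part of the comment above and not Adblock Plus's own code): a simplified JavaScript evaluator for the four filter rules quoted in that comment, showing which requests they block and why Facebook's own pages keep working. The function names are hypothetical, and the two-label `baseDomain` is an assumption standing in for the Public Suffix List lookup a real blocker performs.

```javascript
// The four rules exactly as quoted in the comment.
const RULES = [
  "||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net",
  "||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net",
  "||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net",
  "||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com",
];

// Parse the subset of filter syntax used above:
//   ||host^          request host is `host` or one of its subdomains
//   $third-party     rule applies only to cross-site requests
//   domain=~a|~b     rule does NOT apply when the page itself is on a or b
function parseRule(rule) {
  const [pattern, optionText = ""] = rule.split("$");
  if (!pattern.startsWith("||") || !pattern.endsWith("^")) {
    throw new Error("unsupported pattern: " + pattern);
  }
  const parsed = { host: pattern.slice(2, -1), thirdParty: false, excluded: [], included: [] };
  for (const opt of optionText.split(",").filter(Boolean)) {
    if (opt === "third-party") {
      parsed.thirdParty = true;
    } else if (opt.startsWith("domain=")) {
      for (const d of opt.slice("domain=".length).split("|")) {
        if (d.startsWith("~")) parsed.excluded.push(d.slice(1));
        else parsed.included.push(d);
      }
    } else {
      throw new Error("unsupported option: " + opt);
    }
  }
  return parsed;
}

// True when `host` is `domain` itself or a subdomain of it (label-aligned match).
function inDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Assumption: registrable domain = last two labels. Wrong for e.g. co.uk.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Decide whether a request made by a page on `pageHost` would be blocked.
function isBlocked(pageHost, requestUrl, rules = RULES) {
  const reqHost = new URL(requestUrl).hostname;
  return rules.map(parseRule).some((r) => {
    if (!inDomain(reqHost, r.host)) return false;
    if (r.thirdParty && baseDomain(reqHost) === baseDomain(pageHost)) return false;
    if (r.excluded.some((d) => inDomain(pageHost, d))) return false;
    if (r.included.length && !r.included.some((d) => inDomain(pageHost, d))) return false;
    return true;
  });
}

// Constructed sample requests.
console.log(isBlocked("news.example.com", "https://www.facebook.com/plugins/like.php"));
console.log(isBlocked("www.facebook.com", "https://static.fbcdn.net/app.js"));
```

The `domain=~…` exclusions are what let Facebook's four domains load each other's resources while every other site's embedded Facebook requests are dropped.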
Re: (Score:2)
> ||facebook.com^$third-party,domain=~facebook.net|~fbcdn.com|~fbcdn.net
> ||facebook.net^$third-party,domain=~facebook.com|~fbcdn.com|~fbcdn.net
> ||fbcdn.com^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.net
> ||fbcdn.net^$third-party,domain=~facebook.com|~facebook.net|~fbcdn.com
I firewall Fecesbook on my home PC. Here are their known address blocks in CIDR and range formats...
66.220.144.0/20 66.220.144.0 - 66.220.159.255
69.63.176.0/20 69.63.176.0 - 69.63.191.255
69.171.224.0/19 69.171.22
Re: (Score:2)
"When did we accept that clicking on a link is a dangerous operation?"
Drive-by malware. Duh.
Re: (Score:2)
When you started using Microsoft Windows.
Comment removed (Score:4, Insightful)
Re:Hopefully lots of stuff of value was lost (Score:5, Funny)
"Maybe that'll teach people to be more wary about random links they see."
No, no it won't. I have worked in IT for 12 years and was happy to escape it 6 years ago. I still see that even today, the average user gleefully clicks on any link they see. I think most users think the internet is a giant game of whack-a-mole.
Re: (Score:2)
Having a bad day?
Windows malware doesn't go viral (Score:2)
Re: (Score:2, Insightful)
does a viral video not also require some action by the end-user?
Re: (Score:1)
In that case the video isn't a virus or even malware, more like a social engineering exploit. Technical terms have a more rigid definition than language used in casual conversation. I have seen the terms virus, worm and malware mixed up, even in technical reports.
--
"When I use a word, it means just what I choose it to mean"
Re: (Score:1)
It should be pointed out that only users of Facebook and 'Adobe Flash' running on Microsoft are susceptible to this vulnerability.
If these users don't already by default block plug-ins from running, but then again I would think those are the users that do not click random links
Re:Windows malware doesn't go viral (Score:5, Insightful)
>It should be pointed out that only users of Facebook and 'Adobe Flash' running on Microsoft are susceptible to this vulnerability.
Actually, it's the people in the Windows world who have been taught by the likes of Adobe and such that the normal way to install software is when you encounter a site that requires some special codec, that you install it straight away without question.
Flash itself is not the problem, it's the behavior of users who have been taught wrong in the Windows universe.
In sane environments, you look for trusted sources for software before blindly clicking on a web page. The Free Software world teaches people to look in the trusted repositories first (bsd ports system, debian packages, gentoo portage, etc) before downloading random binary code and running it willy-nilly.
--
BMO
Re: (Score:1)
it should be pointed out that a similar thing is happening in android with regards to app permissions.
Re: (Score:2)
Eh, there's a fair amount of pushback on this.
Was looking at getting a dice roller on my phone, and one of the free apps I was looking at had a number of 1-star ratings because the dice roller needed access to dialing out, the internet, and who-knows-what-else.
The author of the app just put up an apologetic, "We need all those permissions on this app to get Google Ads to work", without bothering to fix the underlying cause. He didn't need all the permissions he was asking for.
A friend of mine gave an intere
Re: (Score:1)
Technically speaking malware can't go viral, as in malware requires action by the enduser.
It is sad that you even got a single upvote.
Malware is a generic term used for ANY kind of malicious software. Malware which requires user interaction is called a Trojan Horse. A Virus is malware which spreads copies of itself by attaching or otherwise altering code in other applications. A Worm is malware which will replicate itself by means other than "infecting" an existing file, and instead of making copies will 'move' itself to different locations. There are other types including rootkits, logic bombs,
Clicking links! (Score:2)
It must be hell out there, with that weather... (Score:5, Funny)
Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?
Re:It must be hell out there, with that weather... (Score:5, Funny)
It's not snow but rather, cocaine. Explains the madness going on in those countries.
Re: (Score:1)
Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?
While I too found this observation funny, they sometimes do have "winters" in Iran. Google "snow in Tehran" for a collection of beautiful pictures.
Re: (Score:2)
Well, there's also the stop sign at the corner of the street, too.
Re: (Score:2)
Was anyone else amused the news article is titled "U.S. Attacks Iran and Saudi Arabia", but the video thumbnail shows tanks driving through snow?
Well, no. Maybe because it's winter out there too, so snow is to be expected.
Bad advice in article (Score:5, Insightful)
The article states, "Of course there is no such Flash update. You should always download Flash from a genuine Adobe site."
This is poor advice. I would suggest, "Flash should never be installed on anyone's computer, ever."
nebulo
^ right here (Score:2)
Re: (Score:3)
and youtube can go fuck itself, right?? because the html5 player still can't play shit, even on chrome.
Re: (Score:3)
Actually that's not true. At least on Chrome, Youtube's HTML5 has true fullscreen (finally). I had been expecting them to do it since they own both Youtube and Chrome, so they can work on both sides of the equation. Now when you click the fullscreen button, the browser also goes fullscreen (as if you also hit F11). This makes HTML5 for all practical purposes equivalent to Flash, now.
Re: (Score:2)
seeking does not work. it starts buffering again from the point you seek to, which is completely annoying because it takes time to buffer hd streams. the reality is that right now, flash is miles ahead of anything else for the purposes of streaming video over the net. for example, look at any of youtube's live streams, all sorts of auto-bandwidth shit goes on in the background and the video quality varies seamlessly without any annoying breaks. ditto south park studios.
also, i hate not being able to control
Re: (Score:2)
Well, ya, I guess people can skip youtube also without their lives coming to an end.
Re: (Score:2)
"Flash should never be installed on anyone's computer, ever."
Let alone anyone's phone!
Those wily fb links (Score:5, Insightful)
These apps are hell! Why not just go to the WP and read the whole article there? It's like AOL came back from the 90s, bigger and badder (content not served to you; you have to beg for it by approving each 'app', and then you just get a morsel instead of the whole content). And ppl want this?!
Fine; let em have it. I now officially support these fb malware apps — funny to watch in action, and maybe enough of them will teach people not to use these 'apps'. And booyah on the Post for succumbing to the dumbing down of content to feed the masses.
Re: (Score:3)
> It's like AOL came back from the 90s, bigger and badder
At least AOL sent 3.5" disks that could be used as storage (tape write-protect hole) or as coasters for beverages.
But seriously, "alpha hotels" can post dangerous wily links and with a zillion people on FB, all it takes is 0.001% to fall for it and there will be large numbers of computers inflicted. This has potential to spread and cause havoc.
I use one computer for online stuff, other machines ain't no way ever connect them to the 'net
Re: (Score:2)
These apps are hell! Why not just go to the WP and read the whole article there? It's like AOL came back from the 90s, bigger and badder (content not served to you; you have to beg for it by approving each 'app', and then you just get a morsel instead of the whole content). And ppl want this?!
Because it'll be more like their smartphones (and EVERYBODY knows we now want our desktops and laptops to look and act just like our phones, even Microsoft!), despite the fact that having a separate "app" for every content provider is anything but smart.
Unless you're just looking for (more) ways to extract rents from people while you're merrily leading them down the primrose path to AOL ca. 1992... or Apple ca. 2012...
Not me (Score:4, Informative)
Instructions on how to permanently delete your Facebook account [groovypost.com]
Re: (Score:1)
That's cute, you think that telling Facebook to delete your account removes any information they have of you.
Re: (Score:3)
Even if they actually did delete it from all their servers and backups, some of it could still have been harvested by who knows how many site grabbers and bots. And you can't delete that.
Re: (Score:1)
Instructions on how to permanently delete your Facebook account [groovypost.com]
"Steve Krause" Seattle site:facebook.com
http://www.google.com/#sclient=psy-ab&hl=en&source=hp&q=%22Steve+Krause%22+Seattle+site:facebook.com&oq=%22Steve+Krause%22+Seattle+site:facebook.com&aq=f&aqi=&aql=&gs_sm=e&gs_upl=30292l35604l1l41026l4l4l0l0l0l0l104l287l3.1l4l0&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=fd74ce06838e713b&biw=1112&bih=799 [google.com]
Does it run Linux ?! (Score:2)
NO !
60,000 people ... (Score:2)
... whose access to the internet and computers needs to be denied.
Facebook + Cloud Computing... scary idea (Score:2)
Facedrive(TM)... are you tired of paying high rates for your offsite storage and backups? Fear not, for there are versions of Facedrive(TM) specifically tailored for residential, and small/medium/large businesses. Simply click on this link http://bad.example.com/ [example.com], download and launch the free app that will evaluate your hard drive, and advise you if you qualify for FREE* service.
*Restrictions may apply.