Technology Explained for All
Internet
Alert: Yahoo website (Including mail) and Yahoo Messenger appear to be currently down
Jul 22nd
**UPDATE – As of 12:10p its seems the issue is now corrected and it appears that the issue affected those with Comcast or AT&T Internet providers.
**********************************************
As of 11:15 a (EST) it does appear that most (if not all) of the Yahoo properties (Website, Mail, Messenger) are not responding. No details are known as of yet. More details to follow as soon as possible.
Facebook: ALERT – New Malware attack using Facebook. DONT CLICK ON “Most Hilarious Video Ever” wall posts.
May 31st
It seems that recently Facebook has be at the center of many web issues. Unfortunately, this is a trend that seem to continue as now we have a new Facebook attack that has the goal of stealing your credentials (there for taking over your account) in addition to downloading malware on your pc. If you see any wall post about the “Most Hilarious Video Ever”, DO NOT CLICK on it. If its on your own wall delete the post from your wall, if you have already clicked on the link (Fallen for the post), you need to immediately go to your profile and change your password information.
The following information comes from the WEBSENSE blog (LINK: http://community.websense.com/blogs/securitylabs/ (http://community NULL.websense NULL.com/blogs/securitylabs/)) concerning this new FB attack, included below is a video from websense showing how the attack happens.
Posted: 28 May 2010 09:11 PM
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/1106 NULL.facebook_5F00_hilarious_5F00_1 NULL.png)
We predicted that this attack would happen again and unfortunately we were right.
This attack is different from previous weekends as not only do the attackers try to steal your Facebook credentials, what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page look like the real thing except of course if you look at the address bar you can see that you’re not on facebook.com. But users can easily be tricked into thinking that they temporarily were logged out of Facebook and to continue they have to login.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/4478 NULL.facebook_5F00_hilarious_5F00_4 NULL.png)
Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you’re taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it’s similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.
If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines (http://www NULL.virustotal NULL.com/analisis/ba220931f0993b752cc9cc25d449904646528fee138ace928f027bb643f3b61e-1275104977), as can be seen in the screen shot:
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/3755 NULL.facebook_5F00_hilarious_5F00_2 NULL.png)
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/0842 NULL.facebook_5F00_hilarious_5F00_2 NULL.png)
However, if you’re coming from a UK IP address you’re taken to a quiz where they have to answer 10 questions.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/4617 NULL.facebook_5F00_hilarious_5F00_3 NULL.png)
Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they’re after your information in addition to your Facebook credentials from the fake login page.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/8512 NULL.facebook_5F00_hilarious_5F00_5 NULL.png)
It’s very likely that the behavior is different than the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK but regardless of where you are connecting from you shouldn’t click on the fake video and never, ever give you Facebook username and password to a website that is not facebook.com. We also recommend you to install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com (http://defensio NULL.com)
Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections
May 11th
A few minutes ago, TGM Posted information concerning the New Facebook Connections. The information was from the EFF (Electronic Frontier Foundation), and TGM wanted to test and see if we could show you #6 in the list of Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook) (LINK: http://www.techgeekandmore.com/2010/05/10/facebook-connections-eff-electronic-frontier-foundation-privacy-changes-six-things-to-know/ ) because #6
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
For some reason just bugged more than the other 5. The sad thing to report is that within a couple of moment we were able to recreate #6. This affects anyone who posts anything on their or other peoples wall with a setting of “Everyone”.
To make it clear, this happened when posting to a wall with the EVERYONE setting, which means when you post the lock is set to Everyone (Example below).
As noted once I hit share it gets added to the wall.
That is where most people would assume that my post would end. However, it doesn’t, and this is where #6 of the 6 things you need to know comes in play
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
As it says if you use the name of a Connections page in your post on your wall, it may show up on the Connections page. In my test I used FB….I (Note its is FBI but there is a space), and when I go to the FBI Connections page (LINK: http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts)) to my surprise we find
my post for my wall. I didn’t talk about the FBI, I said FB…I, yet I am now listed on a Connections page for the FBI (Of which I don’t believe it has any direct involvement with the actual Bureau). If I didn’t visit the FBI Connections why is my post here. In addition there are other people who have posts for FBI or FB…I that get posted continuously.
So before you post something with EVERYONE settings, you better think about what your posting as it may go past your wall.
Facebook: Six Things You Need to know about Facebook Connections.
May 10th
With the changes to Facebook that recently announced, here is some additional information concerning the Newly Announced Facebook Connections. The Following post is from the EFF (Electronic Frontier Foundation) (LINK: http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook))
Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook)
Commentary (http://www NULL.eff NULL.org/blog-categories/commentary) by Kurt Opsahl (http://www NULL.eff NULL.org/about/staff/kurt-opsahl)
"Connections." It’s an innocent-sounding word. But it’s at the heart of some of the worst of Facebook’s recent changes.
Facebook first announced (http://blog NULL.facebook NULL.com/blog NULL.php?post=382978412130) Connections a few weeks ago, and EFF quickly wrote at length about the problems they created (http://www NULL.eff NULL.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information). Basically, Facebook has transformed substantial personal information — including your hometown, education, work history, interests, and activities — into "Connections (http://www NULL.eff NULL.org/deeplinks/2010/04/handy-facebook-english-translator#connections)." This allows far more people than ever before to see this information, regardless of whether you want them to.
Since then, our email inbox has been flooded with confused questions and reports about these changes. We’ve learned lots more about everyone’s concerns and experiences. Drawing from this, here are six things you need to know about Connections:
-
Facebook will not let you share any of this information without using Connections. You cannot opt-out of Connections. If you refuse to play ball, Facebook will remove (http://www NULL.facebook NULL.com/help/?faq=17121) all unlinked information from your profile.
-
Facebook will not respect your old privacy settings in this transition. For example (http://voices NULL.washingtonpost NULL.com/fasterforward/2010/04/facebook_privacy_contd NULL.html), if you had previously sought to share your Interests with "Only Friends," Facebook will now ignore this and share your Connections with "Everyone."
-
Facebook has removed your ability to restrict its use of this information. The new privacy controls only affect your information’s "Visibility," (http://www NULL.eff NULL.org/deeplinks/2010/04/handy-facebook-english-translator#visibility) not whether it is "publicly available."
Explaining what "publicly available" means, Facebook writes (http://www NULL.facebook NULL.com/policy NULL.php):
"Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations."
-
Facebook will continue to store and use your Connections even after you delete them. Just because you can’t see them doesn’t mean they’re not there. Even after you "delete" profile information, Facebook will remember it (http://www NULL.facebook NULL.com/help/?faq=17121). We’ve also received reports that Facebook continues to use deleted profile information to help people find you through Facebook’s search engine.
-
Facebook sometimes creates a Connection when you "Like" something. That "Like" button you see all over Facebook, and now all over the web? It too can sometimes add a Connection (http://www NULL.facebook NULL.com/help/?faq=17219) to your profile, without you even knowing it.
-
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
Facebook: How to OPT OUT of the Facebook Instant Personalization feature
May 10th
In the past couple of weeks, Facebook has made many changes that can at minimum be considered troubling to anyone concerned about their information getting shared publicly. The following post and video comes from the EFF (The Electronic Frontier Foundation)**. (LINK: http://www.eff.org/deeplinks/2010/04/how-opt-out-facebook-s-instant-personalization (http://www NULL.eff NULL.org/deeplinks/2010/04/how-opt-out-facebook-s-instant-personalization)).
(SOAPBOX) TGM is NOT advocating a position on either side of the debate (At this time), everyone who uses technology should be aware of their choices and be able to find what works for them. It is up to each person to chose how much information they care to expose publicly, what 1 person thinks is unacceptable, someone else may see as just the cost of getting a new feature. The following information is directed at those who believe the steps Facebook is taking is unacceptable (END SOAPBOX)
How to Opt Out of Facebook’s Instant Personalization
Deeplink by Kurt Opsahl (http://www NULL.eff NULL.org/about/staff/kurt-opsahl)Update: Friday morning Facebook changed its privacy settings layout, making it a bit more challenging to opt out completely. As before, unchecking the “Allow” box is not sufficient because you need to block each Instant Personalization website to fully opt out. However, the previous path (via “Learn More”) to the necessary Block Application buttons was removed, with Facebook suggesting instead you first go to the sites (at which point your information is disclosed), and then click “‘No Thanks’ on the blue Facebook notification on the top of partner sites.” To fully opt out, you need to:
- Go to the Instant Personalization (http://www NULL.facebook NULL.com/settings/?tab=privacy§ion=applications&field=instant_personalization) privacy setting and uncheck the “Allow” button. Click confirm. Come back to this page.
- Go to the page for Microsoft Docs (http://www NULL.facebook NULL.com/docs), click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
- Go to the page for Pandora (http://www NULL.facebook NULL.com/apps/application NULL.php?id=139475280761), click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
- Go to the page for Yelp (http://www NULL.facebook NULL.com/apps/application NULL.php?id=97534753161) , click Block Application on the page, click Block Application on the pop-up, and click Okay on the next pop-up. Come back to this page.
- Optional: Go to the Facebook Site Governance (http://www NULL.facebook NULL.com/fbsitegovernance?v=wall&story_fbid=120701477944064) page, and express your opinion in a comment.
**About the EFF – From Wikipedia (http://en.wikipedia.org/wiki/Electronic_Frontier_Foundation (http://en NULL.wikipedia NULL.org/wiki/Electronic_Frontier_Foundation))
The Electronic Frontier Foundation (EFF) is an international non-profit digital rights advocacy and legal organization based in the United States. Its stated mission is to:
- Engage in and support educational activities which increase popular understanding of the opportunities and challenges posed by developments in computing and telecommunications.
- Develop among policy-makers a better understanding of the issues underlying free and open telecommunications, and support the creation of legal and structural approaches which will ease the assimilation of these new technologies by society.
- Raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media.
- Support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology.
- Encourage and support the development of new tools which will endow non-technical users with full and easy access to computer-based telecommunications.
(http://www
