Technology Explained for All
Facebook Apps
Facebook: ALERT – New Malware attack using Facebook. DON’T CLICK ON “Most Hilarious Video Ever” wall posts.
May 31st
It seems that recently Facebook has been at the center of many web issues. Unfortunately, this trend seems to be continuing, as we now have a new Facebook attack whose goal is to steal your credentials (thereby taking over your account) in addition to downloading malware onto your PC. If you see any wall post about the “Most Hilarious Video Ever”, DO NOT CLICK on it. If it’s on your own wall, delete the post from your wall; if you have already clicked on the link (fallen for the post), you need to immediately go to your profile and change your password information.
The following information comes from the Websense blog (LINK: http://community.websense.com/blogs/securitylabs/) concerning this new FB attack. Included below is a video from Websense showing how the attack happens.
Posted: 28 May 2010 09:11 PM
We predicted that this attack would happen again and unfortunately we were right.
This attack is different from previous weekends as not only do the attackers try to steal your Facebook credentials, what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page looks like the real thing except of course if you look at the address bar you can see that you’re not on facebook.com. But users can easily be tricked into thinking that they temporarily were logged out of Facebook and to continue they have to login.
Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you’re taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it’s similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.
If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines (http://www.virustotal.com/analisis/ba220931f0993b752cc9cc25d449904646528fee138ace928f027bb643f3b61e-1275104977), as can be seen in the screen shot:
However, if you’re coming from a UK IP address you’re taken to a quiz where they have to answer 10 questions.
Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they’re after your information in addition to your Facebook credentials from the fake login page.
It’s very likely that the behavior is different than the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK but regardless of where you are connecting from you shouldn’t click on the fake video and never, ever give your Facebook username and password to a website that is not facebook.com. We also recommend you to install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com
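The address-bar check described in the quoted post, as an added example (not part of the Websense post or of this blog): the function reports which host would actually receive the credentials and why a look-alike URL fails. The `.example` URLs, the reason labels and the HTTPS requirement are assumptions made for illustration.

```javascript
// Added example: decide from the real host whether a login URL belongs to
// the trusted site. TRUSTED_DOMAIN, the reason labels and every sample URL
// are constructed for illustration (.example is a reserved TLD).
const TRUSTED_DOMAIN = "facebook.com";

function checkLoginUrl(raw, trusted = TRUSTED_DOMAIN) {
  let url;
  try {
    url = new URL(raw); // WHATWG parsing, the rules browsers follow
  } catch {
    return { trusted: false, host: null, reason: "unparseable" };
  }
  // hostname is already lower-cased and IDN-encoded; drop a trailing root dot
  const host = url.hostname.replace(/\.$/, "");
  const verdict = (ok, reason) => ({ trusted: ok, host, reason });

  // The trusted name must be the whole host or its final labels.
  if (host === trusted || host.endsWith("." + trusted)) {
    // Assumption: credentials are only ever entered over HTTPS.
    return url.protocol === "https:" ? verdict(true, "ok") : verdict(false, "not-https");
  }
  // Wrong host: say which familiar disguise, if any, it is wearing.
  if (url.username || url.password) return verdict(false, "userinfo-decoy");
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return verdict(false, "punycode-host");
  }
  if (host.includes(trusted)) return verdict(false, "trusted-name-not-at-end");
  return verdict(false, "other-host");
}

const SAMPLES = [
  "https://www.facebook.com/login.php",
  "https://WWW.Facebook.com./login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.video-player.example/login.php",
  "https://www.facebook.com@video.example/login.php",
  "https://f\u0430cebook.com/login.php", // Cyrillic "a" in place of Latin "a"
  "https://video.example/facebook.com/login.php",
];

for (const sample of SAMPLES) {
  const { trusted, host, reason } = checkLoginUrl(sample);
  console.log(`${trusted ? "TRUSTED  " : "UNTRUSTED"} ${reason.padEnd(24)} ${host}  <-  ${sample}`);
}
```

The same comparison works as a mail-gateway or proxy rule: match on the parsed host, never on a substring of the full URL.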
Facebook: A simple way to check your privacy/security settings.
May 18th
With all the talk about Facebook and its ever-changing security settings, I have a new (and simple) way to check whether your profile settings are set for privacy. If you visit ReclaimPrivacy (LINK: http://www.reclaimprivacy.org/) you can check and see what your settings are allowing to be made public.
ReclaimPrivacy focuses on six primary areas:
- Whether your personal information is restricted to your friends or closer
- Whether your contact information is exposed to the entire Internet
- Whether all of your friends, tags and connections are restricted to you or closer
- Whether your friends can share information about you with external applications or websites
- Whether you’re opted out of Facebook’s new instant personalization program
- Whether you’ve blocked applications that can leak your information.
As the ReclaimPrivacy site states –
Our mission is to promote privacy awareness on Facebook and elsewhere. Spread awareness to your friends on Facebook by sharing this website with them:
Checking your settings is actually pretty simple. The following steps will guide you through scanning your settings. (This information is from the ReclaimPrivacy.org site.)
Get Protected
This website provides an independent and open tool for scanning your Facebook privacy settings. The source code (http://github.com/mjpizz/reclaimprivacy) and its development will always remain open and transparent.
1. Right-click this link (Where it says Scan for Privacy) and (click) ‘Add to Favorites’: Scan for Privacy (http://www.reclaimprivacy.org/)
2. Log in to the facebook.com (http://www.facebook.com/settings/?tab=privacy&ref=mb) privacy settings, open your Favorites, and click the link called ‘Scan for Privacy’
3. You will see a series of privacy scans that inspect your privacy settings and warn you about settings that might be unexpectedly public.
4. Follow us on Facebook (http://www.facebook.com/pages/Reclaim-Privacy/121897834504447) to hear about the latest updates.
Read Our Own Privacy Policy
Our privacy policy is not long:
- we never see your Facebook data
- we never share your personal information
Simple. The scanner operates entirely within your own browser.
Statement of limitation of liability: you use this tool at your own risk, and by using this tool you agree to hold neither ReclaimPrivacy.org (nor its contributors) liable for damage to your Facebook account. However, we do strive to reduce that risk by keeping the source code open and transparent, so that we can identify bugs and quickly fix any functionality.
Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections
May 11th
A few minutes ago, TGM posted information concerning the new Facebook Connections. The information was from the EFF (Electronic Frontier Foundation), and TGM wanted to test and see if we could show you #6 in the list of Six Things You Need to Know About Facebook Connections (http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook) (LINK: http://www.techgeekandmore.com/2010/05/10/facebook-connections-eff-electronic-frontier-foundation-privacy-changes-six-things-to-know/ ) because #6
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou.blogspot.com/2010/04/what-you-say-now-on-facebook-can-go-to.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
for some reason just bugged me more than the other 5. The sad thing to report is that within a couple of moments we were able to recreate #6. This affects anyone who posts anything on their own or other people’s wall with a setting of “Everyone”.
To make it clear, this happened when posting to a wall with the EVERYONE setting, which means when you post the lock is set to Everyone (Example below).
As noted once I hit share it gets added to the wall.
That is where most people would assume that my post would end. However, it doesn’t, and this is where #6 of the 6 things you need to know comes into play:
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou.blogspot.com/2010/04/what-you-say-now-on-facebook-can-go-to.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
As it says, if you use the name of a Connections page in your post on your wall, it may show up on the Connections page. In my test I used FB….I (note: it is FBI, but there is a space), and when I go to the FBI Connections page (LINK: http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts) to my surprise we find
my post from my wall. I didn’t talk about the FBI, I said FB…I, yet I am now listed on a Connections page for the FBI (which I don’t believe has any direct involvement with the actual Bureau). If I didn’t visit the FBI Connections, why is my post here? In addition, there are other people who have posts for FBI or FB…I that get posted continuously.
So before you post something with EVERYONE settings, you had better think about what you’re posting, as it may go past your wall.
Facebook: Six Things You Need to know about Facebook Connections.
May 10th
With the changes to Facebook that were recently announced, here is some additional information concerning the newly announced Facebook Connections. The following post is from the EFF (Electronic Frontier Foundation) (LINK: http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook)
Six Things You Need to Know About Facebook Connections (http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook)
Commentary (http://www.eff.org/blog-categories/commentary) by Kurt Opsahl (http://www.eff.org/about/staff/kurt-opsahl)
"Connections." It’s an innocent-sounding word. But it’s at the heart of some of the worst of Facebook’s recent changes.
Facebook first announced (http://blog.facebook.com/blog.php?post=382978412130) Connections a few weeks ago, and EFF quickly wrote at length about the problems they created (http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information). Basically, Facebook has transformed substantial personal information — including your hometown, education, work history, interests, and activities — into "Connections (http://www.eff.org/deeplinks/2010/04/handy-facebook-english-translator#connections)." This allows far more people than ever before to see this information, regardless of whether you want them to.
Since then, our email inbox has been flooded with confused questions and reports about these changes. We’ve learned lots more about everyone’s concerns and experiences. Drawing from this, here are six things you need to know about Connections:
1. Facebook will not let you share any of this information without using Connections. You cannot opt-out of Connections. If you refuse to play ball, Facebook will remove (http://www.facebook.com/help/?faq=17121) all unlinked information from your profile.
2. Facebook will not respect your old privacy settings in this transition. For example (http://voices.washingtonpost.com/fasterforward/2010/04/facebook_privacy_contd.html), if you had previously sought to share your Interests with "Only Friends," Facebook will now ignore this and share your Connections with "Everyone."
3. Facebook has removed your ability to restrict its use of this information. The new privacy controls only affect your information’s "Visibility," (http://www.eff.org/deeplinks/2010/04/handy-facebook-english-translator#visibility) not whether it is "publicly available."
   Explaining what "publicly available" means, Facebook writes (http://www.facebook.com/policy.php):
   "Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations."
4. Facebook will continue to store and use your Connections even after you delete them. Just because you can’t see them doesn’t mean they’re not there. Even after you "delete" profile information, Facebook will remember it (http://www.facebook.com/help/?faq=17121). We’ve also received reports that Facebook continues to use deleted profile information to help people find you through Facebook’s search engine.
5. Facebook sometimes creates a Connection when you "Like" something. That "Like" button you see all over Facebook, and now all over the web? It too can sometimes add a Connection (http://www.facebook.com/help/?faq=17219) to your profile, without you even knowing it.
6. Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou.blogspot.com/2010/04/what-you-say-now-on-facebook-can-go-to.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).

