Technology Explained for All
Posts tagged Facebook
Facebook: ALERT – New Malware attack using Facebook. DONT CLICK ON “Most Hilarious Video Ever” wall posts.
May 31st
It seems that recently Facebook has be at the center of many web issues. Unfortunately, this is a trend that seem to continue as now we have a new Facebook attack that has the goal of stealing your credentials (there for taking over your account) in addition to downloading malware on your pc. If you see any wall post about the “Most Hilarious Video Ever”, DO NOT CLICK on it. If its on your own wall delete the post from your wall, if you have already clicked on the link (Fallen for the post), you need to immediately go to your profile and change your password information.
The following information comes from the WEBSENSE blog (LINK: http://community.websense.com/blogs/securitylabs/ (http://community NULL.websense NULL.com/blogs/securitylabs/)) concerning this new FB attack, included below is a video from websense showing how the attack happens.
Posted: 28 May 2010 09:11 PM
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/1106 NULL.facebook_5F00_hilarious_5F00_1 NULL.png)
We predicted that this attack would happen again and unfortunately we were right.
This attack is different from previous weekends as not only do the attackers try to steal your Facebook credentials, what happens after that depends on which country you connect from. Once you click on the link to view the video you are taken to a fake Facebook login page where you are tricked into entering your credentials. The login page look like the real thing except of course if you look at the address bar you can see that you’re not on facebook.com. But users can easily be tricked into thinking that they temporarily were logged out of Facebook and to continue they have to login.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/4478 NULL.facebook_5F00_hilarious_5F00_4 NULL.png)
Regardless of what you enter in the login form you are then taken to a page on the real Facebook site that asks you to allow the application to access your profile. If you allow that you’re taken to a page saying that you need to upload your FLV Player to view the video. Up until this point it’s similar to how the two previous attacks have worked, except that this new one also has the phishing component. However, what happens now depends on which country you are connecting from.
If you are coming from a US IP address you are prompted to download the FLV Player, which is detected by 35% of antivirus engines (http://www NULL.virustotal NULL.com/analisis/ba220931f0993b752cc9cc25d449904646528fee138ace928f027bb643f3b61e-1275104977), as can be seen in the screen shot:
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/3755 NULL.facebook_5F00_hilarious_5F00_2 NULL.png)
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/0842 NULL.facebook_5F00_hilarious_5F00_2 NULL.png)
However, if you’re coming from a UK IP address you’re taken to a quiz where they have to answer 10 questions.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/4617 NULL.facebook_5F00_hilarious_5F00_3 NULL.png)
Once completed the user then gets the chance to win an iPad! All they have to do is to fill in their address. So instead of tricking the user into installing a malicious file, this time they’re after your information in addition to your Facebook credentials from the fake login page.
(http://community NULL.websense NULL.com/cfs-file NULL.ashx/__key/CommunityServer NULL.Blogs NULL.Components NULL.WeblogFiles/securitylabs/8512 NULL.facebook_5F00_hilarious_5F00_5 NULL.png)
It’s very likely that the behavior is different than the two examples we have described depending on which country you connect from. In our testing we only had the ability to test this attack from the US and UK but regardless of where you are connecting from you shouldn’t click on the fake video and never, ever give you Facebook username and password to a website that is not facebook.com. We also recommend you to install Defensio, our free security app for Facebook that will protect your wall from posts like this. You can get it from http://defensio.com (http://defensio NULL.com)
FACEBOOK: How to Permanently Delete a Facebook Account
May 23rd
With all the recent changes and issues that have occurred with Facebook, you may feel that you no longer want to be part of Facebook. Unfortunately Facebook makes actually deleting your account very difficult. If all you want to do is deactivate your account (which is different that deleting) you can do that easily, but Facebook makes actually deleting everything much harder to find.
The following link is for a post on www.wikihow.com (http://www NULL.wikihow NULL.com) **, which seems to be the most complete information on how to actually make your Facebook profile go away.
http://www.wikihow.com/Permanently-Delete-a-Facebook-Account (http://www NULL.wikihow NULL.com/Permanently-Delete-a-Facebook-Account)
**NOTE: While reading thru the wiki post, you will see a couple of sections that are listed as “Ads by Google”. The lines labeled as “Ads by Google” have nothing to do with the steps to delete your Facebook Account.
Facebook Disables KNOI Radio Facebook page!
May 23rd
In Support of KNOI Radio, I’m posting the link to KNOI where they talk about how their pages got disabled. It appears that the KNOI Radio pages were disabled because of “Criticism of Facebook Policies”.
Facebook Disables KNOI Radio Facebook page! | (http://knoifm NULL.com/news/1569-facebookdisablesknoi NULL.html)
Posted using ShareThis (http://sharethis NULL.com)
Facebook: A simple way to check your privacy/security settings.
May 18th
With all the talk about Facebook and its ever changing security settings, I have a new way (and simple way) to check your settings to see if your profile settings are set for privacy. If you visit Reclaimprivacy (LINK: http://www.reclaimprivacy.org/ (http://www NULL.reclaimprivacy NULL.org/)) you can check and see what your settings are allowing to be made public.
ReclaimPrivacy focuses on six primary areas:
- Whether your personal information is restricted to your friends or closer
- Whether your contact information is exposed to the entire Internet
- Whether all of your friends, tags and connections are restricted to you or closer
- Whether your friends can share information about your with external applications or websites
- Whether you’re opted out of Facebook’s new instant personalization program
- Whether you’ve blocked applications that can leak your information.
As the ReclaimPrivacy site states –
Our mission is to promote privacy awareness on Facebook and elsewhere. Spread awareness to your friends on Facebook by sharing this website with them:
To Check you settings is actually pretty simple. The following steps will guide to how you can scan your settings. (This information is from the Reclaimprivacy.org site)
Get Protected
This website provides an independent and open tool for scanning your Facebook privacy settings. The source code (http://github NULL.com/mjpizz/reclaimprivacy) and its development will always remain open and transparent.
- Right-click this link (Where it says Scan for Privacy) and (click) ‘Add to Favorites’: Scan for Privacy (http://www NULL.reclaimprivacy NULL.org/)
- Log in to the facebook.com (http://www NULL.facebook NULL.com/settings/?tab=privacy&ref=mb) privacy settings, open your Favorites, and click the link called ‘Scan for Privacy’
- You will see a series of privacy scans that inspect your privacy settings and warn you about settings that might be unexpectedly public.
4. Follow us on Facebook (http://www NULL.facebook NULL.com/pages/Reclaim-Privacy/121897834504447) to hear about the latest updates.
Read Our Own Privacy Policy
Our privacy policy is not long:
- we never see your Facebook data
- we never share your personal information
Simple. The scanner operates entirely within your own browser.
Statement of limitation of liability: you use this tool at your own risk, and by using this tool you agree to hold neither ReclaimPrivacy.org (nor its contributors) liable for damage to your Facebook account. However, we do strive to reduce that risk by keeping the source code open and transparent, so that we can identify bugs and quickly fix any functionality.
Facebook: Facebook Connections becoming a reality. Like it or not!
May 12th
Two days ago, TGM listed “The 6 things you need to know about Facebook Connect” (LINK: http://www.techgeekandmore.com/2010/05/10/facebook-connections-eff-electronic-frontier-foundation-privacy-changes-six-things-to-know/), which is based on information provided by the EFF (Electronic Frontier Foundation).
Well it seems that Facebook is now rolling out Connect, as seen by the screenshots below. (Disclaimer: These are screenshots I took, not from someone else). After looking at the windows and the choices (or lack there of) that Facebook gives, connections leaves a lot to be desired.
When I 1st signed on the following Window appeared over my normal Facebook page. On the top of the Window it talks about “…improved the profile….” then the next line says “your pages are public”. One of the things to note about this window is that you only get to choose “Link All to My Profile” (Which means your open to having anything you do made public, if I understand it right) or “Choose Individually” (Which ONLY gives you a choice of what picking pages), nowhere do you see an opt out or no thanks.
As i don’t like to just allow changes without seeing what is being changed, I selected “Choose Individually” and this is the next window that I get. For starters in this window, note that the only options I get are “Save Changes” or “Logout”, so it seems that Facebook will force you to make the selection, if you want to or not.
In addition, if you carefully read the section under “Confirm the Pages that will be on your profile”, you will see
- Linking to education and work, pages may also create additional pages, such as for your major or job title.
*****Note that it says may create, NOT you can create. That says to me things done for me, about me, that I have no control over. That says to me SCARRY!
- If you don’t link to any pages, these sections on your profile will be empty.
*****So you either accept the way Facebook wants to make your life public or you our out of luck.
- By linking your profile to pages, you will be making these connections public.
*****I’ll give Facebook this much, they aren’t trying to cover up the fact that they want your life to be shared with everyone in the world (Not just your friends on Facebook, or just other Facebook member), remember that Facebook is now searchable from search engines.
At the end of the Confirm section in the window above there is a “Learn More”. Here is what you get when you click on “Learn More”. There is 1 line here that I think is of interest, (Lower Right side) “To help you link to actual pages, we’ve matched info you’ve entered on your profile to Pages about those topics”. So lets review to critical things (In my view)
- Facebook has matched information I entered into my profile (that when entered was probably meant as information for my select friends alone!) and added me to pages because of this info.
- (From Above) By linking your profile to pages, you will be making these connections public.
(**Keeping in mind the short attention span these days, many people will NOT put 2 and 2 together here, again my opinion)
And lastly, in the selection window I unchecked everything in that window, then hit the save changes button. What I got was the following Window. “If you don’t link to any Pages, the following sections of your profile will be empty”
So now, even if I wanted to privately list for friends and family where I work or what city I’m in or my likes, I CAN’T, because Facebook now says you need to share with the entire class (world) or nothing at all.
This post is not intended to be anything more than information. Each person that uses Facebook needs to choose if they are comfortable with the requirements and with their information being made public. For those who think “no big deal” then this will just be another day in the life of Facebook. For those who have concerns then you need to figure out if the benefits of Facebook are worth the exposure. All this post is, an attempt to try and keep the TGM better informed.
Facebook: TGM Test which proves one of the six things you need to know about Facebook Connections
May 11th
A few minutes ago, TGM Posted information concerning the New Facebook Connections. The information was from the EFF (Electronic Frontier Foundation), and TGM wanted to test and see if we could show you #6 in the list of Six Things You Need to Know About Facebook Connections (http://www NULL.eff NULL.org/deeplinks/2010/05/things-you-need-know-about-facebook) (LINK: http://www.techgeekandmore.com/2010/05/10/facebook-connections-eff-electronic-frontier-foundation-privacy-changes-six-things-to-know/ ) because #6
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
For some reason just bugged more than the other 5. The sad thing to report is that within a couple of moment we were able to recreate #6. This affects anyone who posts anything on their or other peoples wall with a setting of “Everyone”.
To make it clear, this happened when posting to a wall with the EVERYONE setting, which means when you post the lock is set to Everyone (Example below).
As noted once I hit share it gets added to the wall.
That is where most people would assume that my post would end. However, it doesn’t, and this is where #6 of the 6 things you need to know comes in play
Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up (http://facebookiswatchingyou NULL.blogspot NULL.com/2010/04/what-you-say-now-on-facebook-can-go-to NULL.html) on the Connection page, without you even knowing it. (For example, if you use the word "FBI" (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts) in a post).
As it says if you use the name of a Connections page in your post on your wall, it may show up on the Connections page. In my test I used FB….I (Note its is FBI but there is a space), and when I go to the FBI Connections page (LINK: http://www.facebook.com/pages/FBI/109596699068116?v=stream&ref=ts (http://www NULL.facebook NULL.com/pages/FBI/109596699068116?v=stream&ref=ts)) to my surprise we find
my post for my wall. I didn’t talk about the FBI, I said FB…I, yet I am now listed on a Connections page for the FBI (Of which I don’t believe it has any direct involvement with the actual Bureau). If I didn’t visit the FBI Connections why is my post here. In addition there are other people who have posts for FBI or FB…I that get posted continuously.
So before you post something with EVERYONE settings, you better think about what your posting as it may go past your wall.
(http://www
