In what appears to be a relatively well planned campaign to build awareness about online security, a group of users (or one individual who has multiple accounts) are systematically going through Facebook Groups which don’t have administrator privileges and taking them over. The individuals, who have accounts under the names “Janis Roukkos” and “Bella Roregit”, change the image for each group and then post a copy of the message and video posted below.
Read the rest of this entry »
Facebook is no stranger to phishing scams and today another one is making its way around Facebook. The scam gets users to fill in their email address and password and then posts 25 wall messages on the walls of the user’s friends. What makes this version of the scam unique is that if the user deletes the wall posts, this system is apparently smart enough to post additional wall posts.
Read the rest of this entry »
There’s a new virus spreading around the web via email which targets Facebook users. According to mxlab, the email includes downloadable files which include the Trojan virus: Bredolab. While I’d imagine that Gmail and more aggressive spam blocking email services will filter this out, anybody who receives a “Facebook Password Reset Confirmation” email should delete it right away.
Read the rest of this entry »
Remember the beginning of the end for MySpace? It was all those random “cute girls” that were friending you even though you didn’t know them. You would log in and there would be 10 friend requests from fake friends. Well, it appears that scammers are trying to do a similar thing on Facebook, which until now was extremely difficult for scammers to penetrate. This new attack attempts to get users to click on a spyware site.
Read the rest of this entry »
Last time around we heard of a worm spreading on Facebook it was called Koobface and it was causing a lot of problems for users. This time around it’s called Boface.BJ but it has already affected millions of users and that’s only expected to grow in the coming months. This morning PandaLabs malware analysis and detection laboratory released a report stating that it just discovered a new variant of the Boface.BJ worm which has already affected an estimated two million users, half of which are in the United States.
Read the rest of this entry »
As Facebook has grown, the need for greater session security has increased to avoid hackers and spammers looking to exploit users. That doesn’t mean their system can’t be broken. 26-year-old Azim Poonawala has successfully built a piece of software that currently cracks Facebook sessions with the assistances of a user’s cookie information. While acquiring an individual’s personal cookie information requires a little bit of extra effort, it’s most definitely a feasible task.
Read the rest of this entry »
This afternoon Tom Krieglstein sent me a video of an interesting glitch that took place to him which gave him administrative access to a number of large brand pages including Star Wars, American Airlines, Delta Airlines, and a number of others. He also was able to send out updates to the Stars Wars page (aka “public profile”) which has over 800,000 fans currently.
Read the rest of this entry »
Over the weekend I wrote about the new “Error Check System” application that was running rampant. A new application is now making the rounds less then a week later. I’ve received numerous emails this morning reporting the issue. The application is called “f a c e b o o k - - closing down!!!” and it automatically sends out a notice to all of your friends saying that you reported them for violating their terms of service.
Read the rest of this entry »
This is a guest post by Joseph Bonneau. Joseph Bonneau is a researcher at the University of Cambridge Computer Laboratory whose research interests include privacy and security in social networks. He originally reported these vulnerabilities on his group’s research blog, Light Blue Touchpaper.
Facebook has a spotty track record enforcing the privacy of photos posted by users and designated as private. Up until last February, Facebook’s photo security relied on users not being able to craft custom PHP queries, instead of checking login cookies with every photo request. It was only a manner of time before this was hacked in a fairly spectacular way in February 2008, exposing a few personal photos of CEO Mark Zuckerberg. The “temporary flaw” was fixed, only to be hacked again in March, and again in May. The Associated Press picked up the story, Paris Hilton’s name got involved, and Facebook was forced to re-work their photo security and prevent these PHP-style hacks.
Read the rest of this entry »
This morning I’ve received at least 10 emails from people about misleading notifications that they received from friends suggesting that their friends “faced some errors” while viewing a user’s profile. The notifications are highly misleading and as expected highly viral. Within hours, hundreds if not thousands of users had registered for the “Error Check System” application to see what was wrong with their profile.
Read the rest of this entry »
