Security

Submission + - Trojan in Facebook

nikolaivas writes: Source: http://fbtt.blogspot.com/2008/12/trojan-in-facebook.html

Facebook and its users are having a rough day. A serious Facebook virus is attacking the network's users.

For the laymen:

If you receive a Facebook message (or a Facebook message alert in your email) with a questionable subject line, DO NOT CLICK THE LINK IN THE BODY!

All of the information in this post was garnered from an awesome article from news.com.au by Narelle Towie.

Questionable subject titles vary from "Maan,yyou're great!" to "your ass looks not bad in this video", "Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be*" or a youtube link that says "i can see yooooooooo". These links disguise a trojan worm and should not be clicked.

This trojan comes just months after Facebook said it was working to protect its users from phishing scams.

For the tech geeks, here is a more detailed explanation of the virus from Towie's article:

FACEBOOK users are under attack from a virus sweeping through the online social network.

The virus is technically a trojan worm that disguises itself as an email from facebookmail.com.

People are enticed to click on a misspelled video or picture link that directs to a malicious web site.

The worm spreads its tentacles by emailing everyone on the victim's friend list.

According to anti-virus software company Symantec, the trojan works by executing a worm called W32.Koobface.A that searches for cookies on the user's machine.

If the worm finds the appropriate Facebook cookie, it modifies the user's account settings and profile — adding links to malicious sites to trick others into installing the invader.

Facebook discussion boards talk about the trojan directing users to a page which looks like YouTube.

The phony page asks the user to install a video player upgrade.

Installing the fake upgrade allows the worm to work its magic and access files on the victim's machine while destroying their Facebook account.

Facebook has begun combating the virus by deactivating links when it can.

Facebook has not released an official comment regarding the attack.
The Internet

Submission + - UK ISPs are censoring Wikipedia

Concerned Wikipedian writes: Starting December 4th, Wikipedia administrators noticed a surge of edits from certain IP addresses. These IPs turned out to be the proxies for the content filters of at least 6 major UK ISPs. After some research by Wikipedians, it appears that the image of the 1970s LP cover art of the Scorpions' "Virgin Killer" has been blocked because it was judged to be "child pornography" and all other attempts to access Wikimedia foundation sites from these ISPs are being proxied to only a few IP addresses. The latter is causing many problems for Wikipedia administrators because much of the UK vandalism now comes from a single IP that when blocked affects potentially hundreds of thousands of anonymous users who intend no harm and are utterly confused as to why they are no longer able to edit. The image was flagged by the Internet Watch Foundation, which is funded by the EU and the UK government and has the support of many ISPs and online institutions in the UK. The filter is fairly easy to circumvent simply by viewing the article in some other languages, or by logging in on the secure version of Wikipedia. [Wikinews] and [ZDnet]
NASA

Journal Journal: Purified urine to be astronauts' drinking water 9

Reuters is reporting

"As NASA prepares to double the number of astronauts living aboard the International Space Station, nothing may do more for crew bonding than a machine being launched aboard the space shuttle Endeavour on Friday. It's a water-recycling device that will process the crew's urine for communal consumption.

Spam

Submission + - Handling Caller ID Spoofing 1

An anonymous reader writes: A nice little old lady I know has had her number spoofed by some car warranty scammers. They're calling hundreds of potential victims per day pretending to use her phone number, and the angry ones call her back, some of whom have even left death threats. She's terrified. Some well-intending anti-telemarketing folks have posted her address on the 'net as well. How can we figure out where these scammer bastards are, and what's the state of the current legislation to prevent caller ID spoofing? I called the FBI in Boston (near where she lives) and they said they can't help. She's called her phone company, but they said they can't help either. She's had the same number for over 50 years and doesn't want to change it. So when the Feds can't handle it, you Ask Slashdot!
Google

Submission + - SPAM: Flickr/Facebook/Google changes prompt big backlash 1

destinyland writes: "How should web services respond when their users are revolting over unannounced changes to their web services? One analyst explains it this way. "There is backlash to change, simple as that." (Thursday's upgrade to Flickr's "Recent Activity" page has already prompted over 3,700 angry posts.) And his solution? Giving users a way to opt out. "You can dismiss it," Yahoo's Tapan Bhatt tells the New York Times, "which is stupid. Or you can try to understand what it is that users are telegraphing." One Facebook user has even launched a group just to protest forced web page designs, and angry activists have even tried swamping Google's headquarters with phone calls and emails to the developers and executives behind recent changes to the iGoogle homepages."
Privacy

Submission + - A big step for a man, a small step for mankind (slashdot.org)

KlaymenDK writes: "Hello my fellow privacy-conscious slashdotters!

This last decade or so, I have strived to maintain my privacy. I have uninstalled Windows, told my friends "sorry" when they wanted me to be on Facebook, had a fight with my brother when he wanted to move the family email hosting to GMail, and generally held back on my personal information online. But since, amongst all of my friends, I am the ONLY one doing this, it may well be that there is no point in all of this and my battle is lost already.

Worse, if in spite of this I'm still not "on" any of these services, I'm really putting myself out of the loop (and poking myself in the eye every time I use Squirrelmail instead of GMail). It is starting to look like self-flagellation, and I can't particularly enjoy it if I don't see at least some advantage to it. Indeed, it is a common enough occurrence that my wife or friends strike up conversations based on something from their Facebook "wall" (whatever that is) that it has become clear to me just how out of the loop I really am.

Becoming ever more unconnected with my friends (be it in a human or online way) is ultimately harming my social relations — and since I have a slashdot account you know they can't be that good to begin with...

What's my point? I am seriously considering throwing in the towel (hoping I won't be doing any impromptu space travelling) and signing up for GMail, Facebook, the lot (and then using Tor a lot more than I already am). My point is, if "they" have my soul already, I might as well reap the benefits of this newfangled, privacy-less, ajax-2.0 world. It doesn't really matter if it was me or my friends selling me out. Or does it?

I'd love to hear your thoughts on this matter. How many Windows-eschewing users are NOT also eschewing the social networking services and all the other 2.0 supersites with their dubious end-user license agreements?"

Feed Schneier: New Cross-Site Request Forgery Attacks (schneier.com)

Interesting: CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the...
Music

Submission + - EFF Report: RIAA legal crusade losing credibility (kingofgng.com)

KingofGnG writes: "After five years of legal threats against tens of thousands of American music consumers, the hands of RIAA, the USA recording labels organization, remain empty or barely over: from any standpoint you look at the matter, states the Electronic Frontier Foundation, the majors have lost the bet to reestablish the control on digital contents delivery while succeeding in antagonizing a huge amount of potential customers, pretty happy not to give a single cent to those viewing them as "pirates" dangerous for business, artists, music and the entire world. Story here."
It's funny.  Laugh.

Submission + - Greatest IT Mistakes (ncl.ac.uk)

martyb writes: I'm a long-time member of /. and an even-longer-time reader of The Risks Digest (Forum On Risks To The Public In Computers And Related Systems). Their archives go back to 1985! If you missed out on Bone-Headed IT Mistakes, here's your chance: Andrew Brandt is Seeking tales of IT gone wrong. I can think of no better source than right here on /. and am in hopes that you can help him out (and entertain us here) with your tales of woe. In part, he writes:

I'm a freelance reporter, currently on assignment to write a story for *Infoworld*. The gist of the story is "Greatest IT Mistakes," where I hope to relate true anecdotes of people who — perhaps in an ill-advised, well-intentioned state of mind — set off a cascade of errors that resulted in serious computer downtime, lost data, or other notable information technology failures or problems. ... Please send me true stories, preferably where you have direct, personal knowledge of the details and parties involved.

The goal of the story is not to humiliate a person, or call attention to a company with poor IT policies. This isn't a name-and-shame piece. I'd like the story to serve as a cautionary tale to others, with a humorous angle, if that's possible. And I think it is. To that end, I'm willing to anonymize what anyone cares to share with me to whatever extent is necessary to avoid such humiliation. Of course, if the person or people responsible for, by way of entirely hypothetical example, deleting a company's entire e-mail archive in the process of performing a backup are willing to have their identities disclosed, I'd be more than happy to oblige. (emphasis added)

What is YOUR best (worst?) story? Does it make the grade of "Greatest IT Mistakes"?

Earth

Submission + - Can You See Fossett's Plane on Google Earth? (wired.com)

GirlScout writes: A ground team has found Steven Fossett's airplane after a hiker noticed that some of his belongings were tangled in a bush. The discovery came one year after two high profile searches that made use of satellite imagery and crowdsourcing were unsuccessful — one for Fossett and the other for David Gray. Wired Science wants to know if anyone can spot the wreckage on Google Earth. That would provide some validation for the unproven search and rescue technique.
Quickies

Submission + - Steve Fossett search back on

sbibayoff writes: "After, according to CNN, "Hikers in California found items belonging to missing millionaire adventurer Steve Fossett, officials said Wednesday. A weathered sweat shirt, cash and a pilot license with Fossett's name were found Tuesday near Mammoth Lakes, police Chief Randy Schienle said. The license did not have a photo, he said."
"No plane wreckage was found, but a multi-jurisdictional team would return to the area of the discovery to search by air and on foot, Schienle sai"

http://www.cnn.com/2008/US/10/01/fossett.discovery/index.html"
Technology (Apple)

Submission + - Apple drops part of iPhone developer NDA

ds writes: "Apple, this morning, announced they are dropping the iPhone Developer NDA in respect to released software. Previously, iPhone developers were legally bound even after their software had been released. The message, as seen on Apple's iPhone Developer site:

We have decided to drop the non-disclosure agreement (NDA) for released iPhone software. We put the NDA in place because the iPhone OS includes many Apple inventions and innovations that we would like to protect, so that others don't steal our work. It has happened before. While we have filed for hundreds of patents on iPhone technology, the NDA added yet another level of protection. We put it in place as one more way to help protect the iPhone from being ripped off by others. However, the NDA has created too much of a burden on developers, authors and others interested in helping further the iPhone's success, so we are dropping it for released software. Developers will receive a new agreement without an NDA covering released software within a week or so. Please note that unreleased software and features will remain under NDA until they are released. Thanks to everyone who provided us constructive feedback on this matter.
"
Announcements

Submission + - Jetpack man crosses English Channel

Smivs writes: "A Swiss man has become the first person to fly solo across the English Channel using a jet-propelled wing. The BBC article contains video of the feat. Yves Rossy landed safely after the 22-mile (35.4 km) flight from Calais to Dover, which had been twice postponed this week because of bad weather. The former military pilot took less than 10 minutes to complete the crossing and parachute to the ground. The 49-year-old flew on a plane to more than 8,200ft (2,500m), ignited jets on a wing on his back, and jumped out. It felt "great, really great", said Mr Rossy."
