Submission + - Trojan in Facebook

nikolaivas writes: Source:

Facebook and its users are having a rough day. A serious Facebook virus is attacking the network's users.

For the laymen:

If you receive a Facebook message (or a Facebook message alert in your email) with a questionable subject line, DO NOT CLICK THE LINK IN THE BODY!

All of the information in this post was garnered from an awesome article from by Narelle Towie.

Questionable subject titles vary from "Maan,yyou're great!" to "your ass looks not bad in this video", "Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be*" or a YouTube link that says "i can see yooooooooo". These links disguise a trojan worm and should not be clicked.

This trojan comes just months after Facebook said it was working to protect its users from phishing scams.

For the tech geeks, here is a more detailed explanation of the virus from Towie's article:

FACEBOOK users are under attack from a virus sweeping through the online social network.

The virus is technically a trojan worm that disguises itself as an email from

People are enticed to click on a misspelled video or picture link that directs to a malicious web site.

The worm spreads its tentacles by emailing everyone on the victim's friend list.

According to anti-virus software company Symantec, the trojan works by executing a worm called W32.Koobface.A that searches for cookies on the user's machine.

If the worm finds the appropriate Facebook cookie, it modifies the user's account settings and profile — adding links to malicious sites to trick others into installing the invader.

Facebook discussion boards talk about the trojan directing users to a page which looks like YouTube.

The phony page asks the user to install a video player upgrade.

Installing the fake upgrade allows the worm to work its magic and access files on the victim's machine while destroying their Facebook account.

Facebook has begun combating the virus by deactivating links when it can.

Facebook has not released an official comment regarding the attack.

Submission + - UK ISPs are censoring Wikipedia

Concerned Wikipedian writes: Starting December 4th, Wikipedia administrators noticed a surge of edits from certain IP addresses. These IPs turned out to be the proxies for the content filters of at least 6 major UK ISPs. After some research by Wikipedians, it appears that the image of the 1970s LP cover art of the Scorpions' "Virgin Killer" has been blocked because it was judged to be "child pornography" and all other attempts to access Wikimedia Foundation sites from these ISPs are being proxied to only a few IP addresses. The latter is causing many problems for Wikipedia administrators because much of the UK vandalism now comes from a single IP that when blocked affects potentially hundreds of thousands of anonymous users who intend no harm and are utterly confused as to why they are no longer able to edit. The image was flagged by the Internet Watch Foundation, which is funded by the EU and the UK government and has the support of many ISPs and online institutions in the UK. The filter is fairly easy to circumvent simply by viewing the article in some other languages, or by logging in on the secure version of Wikipedia. [Wikinews] and [ZDnet]

Journal: Purified urine to be astronauts' drinking water

Reuters is reporting

"As NASA prepares to double the number of astronauts living aboard the International Space Station, nothing may do more for crew bonding than a machine being launched aboard the space shuttle Endeavour on Friday. It's a water-recycling device that will process the crew's urine for communal consumption.


Submission + - Handling Caller ID Spoofing

An anonymous reader writes: A nice little old lady I know has had her number spoofed by some car warranty scammers. They're calling hundreds of potential victims per day pretending to use her phone number, and the angry ones call her back, some of which have even left death threats. She's terrified. Some well-intending anti-telemarketing folks have posted her address on the 'net as well. How can we figure out where these scammer bastards are, and what's the state of the current legislation to prevent caller ID spoofing? I called the FBI in Boston (near where she lives) and they said they can't help. She's called her phone company, but they said they can't help either. She's had the same number for over 50 years and doesn't want to change it. So when the Feds can't handle it, you Ask Slashdot!

Submission + - A big step for a man, a small step for mankind

KlaymenDK writes: "Hello my fellow privacy-conscious slashdotters!

This last decade or so, I have strived to maintain my privacy. I have uninstalled Windows, told my friends "sorry" when they wanted me to be on Facebook, had a fight with my brother when he wanted to move the family email hosting to GMail, and generally held back on my personal information online. But since, amongst all of my friends, I am the ONLY one doing this, it may well be that there is no point in all of this and my battle is lost already.

Worse, if in spite of this I'm still not "on" any of these services, I'm really putting myself out of the loop (and poking myself in the eye every time I use Squirrelmail instead of GMail). It is starting to look like self-flagellation, and I can't particularly enjoy it if I don't see at least some advantage to it. Indeed, it is a common enough occurrence that my wife or friends strike up conversations based on something from their Facebook "wall" (whatever that is) that it has become clear to me just how out of the loop I really am.

Becoming ever more unconnected with my friends (be it in a human or online way) is ultimately harming my social relations — and since I have a slashdot account you know they can't be that good to begin with...

What's my point? I am seriously considering throwing in the towel (hoping I won't be doing any impromptu space travelling) and signing up for GMail, Facebook, the lot (and then using Tor a lot more than I already am). My point is, if "they" have my soul already, I might as well reap the benefits of this newfangled, privacy-less, ajax-2.0 world. It doesn't really matter if it was me or my friends selling me out. Or does it?

I'd love to hear your thoughts on this matter. How many Windows-eschewing users are NOT also eschewing the social networking services and all the other 2.0 supersites with their dubious end-user license agreements?"

Feed Schneier: New Cross-Site Request Forgery Attacks

Interesting: CSRF vulnerabilities occur when a website allows an authenticated user to perform a sensitive action but does not verify that the user herself is invoking that action. The key to understanding CSRF attacks is to recognize that websites typically don't verify that a request came from an authorized user. Instead they verify only that the request came from the...

Submission + - Greatest IT Mistakes

martyb writes: I'm a long-time member of /. and an even-longer-time reader of The Risks Digest (Forum On Risks To The Public In Computers And Related Systems). Their archives go back to 1985! If you missed out on Bone-Headed IT Mistakes, here's your chance: Andrew Brandt is Seeking tales of IT gone wrong. I can think of no better source than right here on /. and am in hopes that you can help him out (and entertain us here) with your tales of woe. In part, he writes:

I'm a freelance reporter, currently on assignment to write a story for *Infoworld*. The gist of the story is "Greatest IT Mistakes," where I hope to relate true anecdotes of people who — perhaps in an ill-advised, well-intentioned state of mind — set off a cascade of errors that resulted in serious computer downtime, lost data, or other notable information technology failures or problems. ... Please send me true stories, preferably where you have direct, personal knowledge of the details and parties involved.

The goal of the story is not to humiliate a person, or call attention to a company with poor IT policies. This isn't a name-and-shame piece. I'd like the story to serve as a cautionary tale to others, with a humorous angle, if that's possible. And I think it is. To that end, I'm willing to anonymize what anyone cares to share with me to whatever extent is necessary to avoid such humiliation. Of course, if the person or people responsible for, by way of entirely hypothetical example, deleting a company's entire e-mail archive in the process of performing a backup are willing to have their identities disclosed, I'd be more than happy to oblige. (emphasis added)

What is YOUR best (worst?) story? Does it make the grade of "Greatest IT Mistakes"?


Submission + - Can You See Fossett's Plane on Google Earth?

GirlScout writes: A ground team has found Steven Fossett's airplane after a hiker noticed that some of his belongings were tangled in a bush. The discovery came one year after two high profile searches that made use of satellite imagery and crowdsourcing were unsuccessful — one for Fossett and the other for David Gray. Wired Science wants to know if anyone can spot the wreckage on Google Earth. That would provide some validation for the unproven search and rescue technique.

Submission + - Steve Fossett search back on

sbibayoff writes: "After, according to CNN, "Hikers in California found items belonging to missing millionaire adventurer Steve Fossett, officials said Wednesday. A weathered sweat shirt, cash and a pilot license with Fossett's name were found Tuesday near Mammoth Lakes, police Chief Randy Schienle said. The license did not have a photo, he said."
"No plane wreckage was found, but a multi-jurisdictional team would return to the area of the discovery to search by air and on foot, Schienle sai""

Submission + - Jetpack man crosses English Channel

Smivs writes: "A Swiss man has become the first person to fly solo across the English Channel using a jet-propelled wing. The BBC article contains video of the feat. Yves Rossy landed safely after the 22-mile (35.4 km) flight from Calais to Dover, which had been twice postponed this week because of bad weather. The former military pilot took less than 10 minutes to complete the crossing and parachute to the ground. The 49-year-old flew on a plane to more than 8,200ft (2,500m), ignited jets on a wing on his back, and jumped out. It felt "great, really great", said Mr Rossy."

Submission + - SPAM: Accused of tolerating scammers, an ISP goes dark

alphadogg writes: The lifeline linking notorious service provider Intercage to the rest of the Internet has been severed. Intercage, which has also done business under the name Atrivo, was knocked offline late Saturday night when the last upstream provider connecting it to the Internet's backbone, Pacific Internet Exchange, terminated Intercage's service. Intercage president Emil Kacperski said Pacific did not tell him why his company had been knocked offline, but he believes it was in response to pressure from Spamhaus, a volunteer-run antispam group, which has been highly critical of Intercage's business practices.

Submission + - New Mersenne Primes Announced

Mini-Geek writes: GIMPS has announced M45 and M46, found September 6 and August 23 respectively. Both numbers are over 10,000,000 digits, having 11,185,272 and 12,978,189 respectively. The numbers are 2^43,112,609-1 and 2^37,156,667-1. M45 and M46 were discovered by Hans-Michael Elvenich and Edson Smith respectively. GIMPS will claim the EFF's $100K reward for the first prime number with over 10,000,000 digits. GIMPS will split the prize money by their prize rules, with $50,000 going to the discoverer of M46. The discoverer of M45 will not receive any prize money, since he discovered M45 after M46. M45 is 'the first Mersenne prime to be discovered out of order since Colquitt and Welsh discovered 2^110,503-1 in 1988.' Read more about both new primes at

Submission + - Why Does Hurricane Size Not Get As Much Attention?

circletimessquare writes: "Hurricanes can vary greatly in size. As of Thursday Evening, Ike is a Category 2-3 Storm. But it is extremely large. Therefore, in terms of raw destructive energy, it is stronger and more dangerous than even Hurricane Katrina. A good comparison of raw strength, ironically on an experimental NOAA scale called IKE (integrated kinetic energy), quantifies this comparison. Anyone with a passing familiarity with physics understands a wind going 100 mph and 30 miles wide packs more energy than a wind going 200 mph but only 10 miles wide. But there are people who choose to wait things out in Houston and Galveston, for many foolish reasons, but not least of which because they hear that Ike is only Category 2. So why doesn't the NOAA and the media convey more information, use a different scale that takes into account storm size as well as wind speed, or at least quote the numbers together? Such as 'Hurricane Ike is a Category 2x550 storm' (550 miles across)."

Submission + - Using ITunes Genius Isn't Smart

rsmiller510 writes: "The other day I downloaded the latest version of iTunes and discovered the much-heralded Genius feature is a not-so-subtle way to sell content on iTunes. First, you have to transmit a list of the contents of your library to Apple, then they make suggestions in the iTunes store based on your content. Genius also can build playlists based on your content in your library, but not unless you transmit your information to Apple first. They could have made it a service that just checks your library or lets you share your info to get suggestions from the Apple store, but they chose to force you to send your information and that's what really bothers me."
