oh what a tangled 'web' we weave
Facebook. that's all I need to say.
Facebook confessed today that buggy code potentially exposed all of its users' accounts to hackers over the past 14 months. It reckons miscreants snooped on at least 50 million people's private profiles, and perhaps as many as 90 million. In a security note posted Friday morning, the social media giant's VP of product management …
That quote about the 2FA ads really irks me, because Facebook's chief security officer outright lied, saying "the ads were being sent out due to a bug" (Alex Stamos). And he was considered one of the good guys at Facebook before his departure... What does that say about the rest of the Alan B'stards who still work there? Not much then!
https://www.buzzfeednews.com/article/ryanmac/facebook-alex-stamos-memo-cambridge-analytica-pick-sides
You also know, they break the news that it's 50m, and before you know it, it's 500m, but they know that because all the media have already run with the other story, very few will bother running with the update.
Several other companies have done this recently....
I've been Facebook free for 8 years now, and living life. I do know, however, that despite me asking them to delete my data 8 years ago, they decided to hang onto it. How do I know this? Every once in a while, I set up a fake account with no personal details whatsoever, just logging in from my home internet, and immediately it recommends people I know to connect with. They clearly haven't deleted my data, as they have retained IP/friend data from over 8 years ago.
I would report them to the ICO, but they are just a big waste of space. Best just avoid the Facebook, the kings of data scumbaggery.
I'm on the other side of the coin. I got locked out of FB years ago because I couldn't remember what fake date of birth I used. I still get notifications on the Hotmail email address I used, so it's still active. I could do with logging in again to get some old chums' contact details (who were also fake, so I can't look them up).
Are there any lists of users vs DOBs?
"why would hackers go to the trouble of cracking faecebook accounts when all they are likely to find is petabytes of puerile drivel from mouth-breathers."
They can send out very plausible messages along the lines of "hey, I'm in a foreign country, wallet's been stolen, could you wire me some cash".
And the next drip feed of bad news. If you used the obviously retarded Facebook login for lazy people on other sites, that's those sites compromised also...
Your whole digital life has been raped; it's not just Cambridge Analytica that knows everything about you, the Russians do too..
I have never used the ridiculous "Facebook login" feature, nor the other brand alternatives, on any site. Nor would I allow a site that I own, manage or have any meaningful influence over to offer this choice either. Entrust your site security to a huge, anonymous organisation based in a regime that has zero effective data protection laws? How about hell no?
You admit to having a FB account.
I only got one because it was required to do work at FB.
I was a contractor and it wasn't my choice to go to FB.
I deleted it within minutes of leaving... but want to bet they still capture information about me?
Sorry, but when you're their customer and their product... never a good ending.
I got a message saying my FB had probably been targeted by government-sponsored hackers and was immediately logged out and made to change my password.
At the time I checked my login history and didn't see anything that I couldn't recognise as me, but it's possible that this was the way they got in.
There is absolutely such information. I don't know how much facebook divulged to these people, but they could easily have gotten post history, images uploaded, messages between people, etc. This includes data that was not public on that person's pages. It is possible that the people may have gotten more information. It is not safe to use facebook for many reasons, this being only the latest one.
All you need to do is hit 'download my data' into a quickly compiled zip file from their backend and you have absolutely everything, private and public, that the user has touched using their FB account.
Crivvens knows what a fully authorised session could gain access to...
"I'm pleased that I use a unique password for the site"
I hope you use fake person details, a fake name, and a unique to Facebook email address too.
Also a burner anonymous SIM if you've given them a phone number.
Also that you don't use a Facebook or related company App on your phone.
*It's best actually to not use Facebook at all.*
I wanted to view something (a particular photograph, I think - it was a while ago!) that was only available on FB and created an account with a completely false identity, together with a disposable e-mail address, set for around six messages to actually arrive, which I promptly "bounced" in Mailwasher, as they were all trite and banal. Eventually, FB cottoned on and suspended the account, their reason being that I was not using my "real" details. That's the only contact I have ever had with FB and good riddance, I say!
I did get a vague message that "Your security is our greatest concern </hypocrisy>" and got logged out, but nothing to state my account was compromised. I am not terribly worried. As with all online stuff: I avoid putting anything online (even if purportedly private) that I wouldn't want others to see, don't use Facebook (or Google) to log in to anything else, and keep separate passwords for different sites. I keep in touch with some friends and colleagues on FB, I post some hobby stuff, which may be of use to those selling cookery items, astronomy and photography gear, and camping equipment, but I get plenty of adverts for those kinds of things anyway (or I did till I installed adblocker).
"I'm pleased that I use a unique password for the site"
As I understood the information that has been made public*, the bug allowed users to generate security tokens as other users. I guess that since many people keep a FB page/tab open all the time and/or the FB mobile app is 'always-on', these tokens don't expire (or at least not for a long time) and so hackers can reuse these tokens to act as the spoofed users.... BUT hackers did not actually get any passwords. That's why users were not asked to change passwords... a simple logoff/logon would invalidate the previous security token and create a new one.
*of course there could be other things NOT made public
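As an added illustration (my own constructed code, not Facebook's and not from this thread), here is a small Python model of the mechanism the post above describes: a "View As" preview that wrongly mints a token whose subject is the impersonated user, beside a corrected version that keeps the real caller as subject, plus a server-side logout that revokes tokens so a leaked one stops working. All names and structure are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional
# Constructed model of server-side bearer tokens for a "View As" style
# preview; names and structure are assumptions, not Facebook's code.
@dataclass
class Session:
    subject: str                   # account that actually authenticated
    view_as: Optional[str] = None  # profile being previewed (rendering only)
    revoked: bool = False
SESSIONS: Dict[str, Session] = {}  # opaque token -> session record

def _active(tok: str) -> Optional[Session]:
    s = SESSIONS.get(tok)
    return s if s is not None and not s.revoked else None

def login(user: str) -> str:
    """Authenticate and issue an opaque token bound to that user."""
    tok = secrets.token_urlsafe(32)
    SESSIONS[tok] = Session(subject=user)
    return tok

def view_as_buggy(tok: str, target: str) -> Optional[str]:
    """Flawed preview: the new token's subject is the target, so whoever
    holds it can act as the target (the bug class the thread describes)."""
    if _active(tok) is None:
        return None
    new = secrets.token_urlsafe(32)
    SESSIONS[new] = Session(subject=target, view_as=target)
    return new

def view_as_fixed(tok: str, target: str) -> Optional[str]:
    """Corrected preview: subject stays the caller; view_as is render-only."""
    s = _active(tok)
    if s is None:
        return None
    new = secrets.token_urlsafe(32)
    SESSIONS[new] = Session(subject=s.subject, view_as=target)
    return new

def can_read_private(tok: str, owner: str) -> bool:
    """Authorisation uses subject, never view_as."""
    s = _active(tok)
    return s is not None and s.subject == owner

def logout(user: str) -> None:
    """Log-off revokes every token for that subject, so a leaked one dies."""
    for s in SESSIONS.values():
        if s.subject == user:
            s.revoked = True
```

The buggy token grants the target's private data to whoever holds it, while the fixed token only ever grants the caller's own; in both cases the target logging off revokes any token bound to them.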
Consider what this actually means.
'View As' exposes your account as whatever setting you want. So if you locked it down to Friends, generally speaking, you'll not be hiding very much. So ANYTHING you have on there was viewable by whoever used the correct token.
The amount of information people put on their supposed 'safe' FB account is staggering. Dates, addresses, full names, photos of all types... Not to mention the friends list, which will show other photos of potentially 'interesting' things... which would then be ripe for leeching info from.
This is EXACTLY the reason Facebook etc are just such a bad idea. Identity thieves will be having a field day from all this - far more valuable than just a simple debit card number...
And what will be the result? The repercussions? The world is watching, because if FB is not taken to task for this, then what's the point of GDPR and whatever other rules should apply to this...
Given the primary business of Facebook is to collect data and hand it out willy-nilly to anyone willing to pay for it, I think the phrase "Facebook security" is the ultimate oxymoron.
Is it really news that yet again Facebook has been compromised? They hand out any data they collect like free handjobs from a £10 dollar hooker on a street corner. They cause nothing but misery to those addicted to their moronic presence on the internet. They allow ne'er-do-wells to lurk in their site, uploading sh*t propaganda and images of abuse. They insert their vile hooks into websites that don't belong to them. Run by an upstart little turd who's basically won a lottery, who barely understands what working in the real world is, and who pretends to understand what people need and want.
They're too big, too powerful and they have no comprehension of the responsibility they have, and the quicker the site is shut down the better off humanity will be.
"the quicker the site is shut down the better off humanity will be"
While morally I agree with you, if Facebook and its ilk get shut down, that means certain people at work will need to start working. Those of us that do actual work tolerate these immovable obstacles staring at social media because then they leave us the hell alone...
There is a rumor that Google-issued Captchas (v3?) will demand that you have a Google Account and a reliable clickstream on file that can be distinguished from a bot. So most of the Internet will be inaccessible to reticent deplorables unwilling to share their data.
I have witnessed Google's Captchas software being used by miscreants to keep web scrapers from following the many redirects that lead to fake virus warnings, fake Windows and Apple support sites that trick users into installing malicious Android apps or adware/malware for Windows and Apple products.
I am wondering if there is analytics built into the Captcha API that phones home to Google that would have or should have alerted Google to these goings on.
https://malware.dontneedcoffee.com/hosted/anonymous/kotd.html
The Google Captchas ought to be illegal. Any company / person using them as a "gatekeeper" should be ashamed for coercing the public to help Google's "AI" parasitical crowdsourcing.
"Crowdsourced steering" doesn't sound quite as appealing as "self driving."
I think they did that already. I notice a lot more of the message "Sorry, your computer or network is sending automated requests [it is not] so we can't handle your request [so I just give up]" when the email address isn't a gmail one. I have considered just never using such a site anymore, but that cuts out a lot of smaller sites that use it for spam prevention.
You mean like you can't use Facebook unless you have a phone they can contact you on during the signup... Have you tried creating anonymous Facebook accounts recently? If you manage it, they are deleted within days. Facebook NEEDS to know everything about you.
Even the IT crowd worked this out 10 years ago, go watch the FriendFace episode, and look how everything has turned out to be exactly like it was portrayed then. Still plenty of morons don't get it.
No more AC...
AC because I like being ironic...
> Is it really news that yet again Facebook has been compromised? They hand out any data they collect like free handjobs from a £10 dollar hooker on a street corner.
Exactly. And to make matters worse - if that's even possible - Facebook's main concern right now seems to be focused on managing the PR around this debacle. How do we make Mark Zuckerberg and Sheryl Sandberg come out smelling like roses from all of this?
On top of this, they have the temerity of claiming that "the bug has been patched".
Really? Facebook doesn't even know about the security holes lurking in their own code. They stumble upon them by happenstance. Not security research, not testing. Just panic reactions after the bug has been out in the wild for ages. That little fact alone tells me everything I need to know about their code reviews and secure coding practices.
26-year-old geniuses. Yeah.
Yo, Zuckerberg. Why won't you hire some greybeards? They'll teach your pimple-faced geniuses - who still enjoy living in a dorm - a thing or two about secure coding practices and hunting down possibly catastrophic bugs.
Ooooh, I almost forgot. You stated publicly that any software engineer over 30 is just dumb.
Yep that's the biggest Fake News of them all. The reality is Zuck & Co can't fix the problems at Facebook. They're not savants, they're just aggressive greedy a$$holes. Deeper insight here:
https://www.bloomberg.com/view/articles/2018-09-18/mark-zuckerberg-profile-reveals-origins-of-facebook-fb-problems
https://www.newyorker.com/magazine/2018/09/17/can-mark-zuckerberg-fix-facebook-before-it-breaks-democracy
https://www.forbes.com/sites/parmyolson/2018/09/26/exclusive-whatsapp-cofounder-brian-acton-gives-the-inside-story-on-deletefacebook-and-why-he-left-850-million-behind
> "Ooooh, I almost forgot. You stated publicly that any software engineer over 30 is just dumb."
That was quite... special. It has some real gems regarding his wisdom about software development. Like hiring coders in every department so they can just change random stuff on the fly: no need for any sort of planning, design, impact assessment, peer review, testing, quality control, security review, or any of that other boring crap that makes the oldies dumb, we're all such geniuses that we can change random shit on a whim with no consequences! *cough*
A bit later on in the article that @ST linked above is this from PayPal founder Max Levchin...
As a final word of product development advice, Levchin encouraged founders to think about the Bible’s seven deadly sins – especially greed, sloth, envy, pride and gluttony. These characteristics, he said, describe many of the primal motivations for users.
"We are constantly improving our security and this underscores the fact that there are constant attacks," said CEO Mark Zuckerberg. "We need to keep focusing on this over time."
He said it, but I do not think it means what you think it means. "Constantly improving" would seem to indicate that things are actually going to get better when in reality it means that while they do patch the occasional vulnerability, there are more discovered than will ever be addressed. Saying there is a need to do something doesn't mean that something will get done and it certainly doesn't mean that what gets done will have a meaningful effect.