Friday, September 28, 2018

Facebook admits to major security breach in "view as" feature, affects 50 million accounts

Facebook now reports a major security update regarding the “View As” feature, which it had posted September 25, here.

Yahoo! reports the incident in a news story here. About 50 million user accounts were affected. 40 million more were forced to sign back in as a precaution.

Users who use specific apps could find the security of those apps compromised.
Mine has not been, although I probably should reset the password soon.

Update: Oct. 3

Mike Isaac and Kate Conger of the New York Times say that the Facebook hack has placed many user accounts at secondary sites at risk. The problem is that many subscription or donor-supported sites allow sign-in through Facebook. It's possible that credit card or PayPal info could be stolen, but there is no evidence yet that this has actually happened.

CNN has a speculative article noting that it took Facebook eleven days from Sept 16 to close the leak. It is unclear how much damage it could really do. 

Thursday, September 27, 2018

Facebook hacks cause spam messages to be sent from friends' accounts (followup)

Following up on the Sept. 20 post, I got a bizarre simple message on Facebook tonight, simply, “Is it you?”. The message contained a music video which would not play.

The Facebook friend said he had been hacked and these spam messages did not come from him.

Earlier, I got a video from a friend in French, “I dedicate this to you”, of a legitimate popular song in French.
ZDNet and Dailypost have stories on Facebook hacks that may explain this.

Thursday, September 20, 2018

Facebook messenger warns of hackers posting offensive content under the name of friends' accounts

I got a Facebook message early this morning from a “friend” in France warning of the possibility of hackers sending out offensive content under someone else’s “account”.  I don’t know yet how valid this risk really is.
“How sad is what happens on Facebook! We may end up leaving Facebook. .. In addition to porn videos, there is a new hacker on Facebook that comes out offensive sentences as comments on publications of your contacts as if it were from you. It's really ugly and it looks like it's gone from your profile. You do not see it, but your friends do. This can create offenses and misunderstandings. I want to say to all my contacts that if anything offensive happens. Know that it does not come from me.
“I ask you especially to kindly warn me.”
This message appeared overnight in French on my phone with emoji. 

Monday, September 10, 2018

Hoax virus rumor about Donald Trump's health; "young people will win" find imposters trying to sell things with fake accounts

I’ve gotten messages on Facebook warning me of pictures online showing Trump collapsing from a stroke, as email attachments.
Fact-checking site Snopes says this is a hoax.

However, it’s obvious that you shouldn’t open an attachment from an email (of uncertain source) purporting to have a politically provocative image (like “Baby Trump”) or document.

The “plaid shirt guy” Tyler Linfesty advises everyone that his ID has been spoofed by people trying to sell things.  If you get an email or see a post from anyone of the “young people will win” crowd trying to sell products, it’s a fake account.

Tuesday, September 04, 2018

"Playpen" case shows government can use malware to set up a sting

There has been some recent attention by the Electronic Frontier Foundation to malware generated by the FBI to exploit a Mozilla vulnerability and record URLs visited by a visitor. It seems to be acquired through P2P.

This malware may have come through P2P channels, but in a child pornography prosecution called Playpen, it has resulted in searches of users’ home computers, possibly in violation of the Fourth Amendment. EFF’s strike page on the Playpen case with discussion of the malware is here.
What sounds scary is that a foreign enemy could use the same exploit to possibly frame individuals for c.p. access.