Fake certificate attack targets Facebook users in Syria

Judges in the UK have dismissed the majority of an appeal made by Facebook parent Meta to overturn a watchdog's decision to order the social media giant to sell Giphy for antitrust reasons.

Facebook acquired GIF-sharing biz Giphy in May 2020. But Blighty's Competition Markets Authority (CMA) wasn't happy with the $400 million deal, arguing it gave Mark Zuckerberg's empire way too much control over the distribution of a lot of GIFs. After the CMA launched an official probe investigating the acquisition last June, it ordered Meta to sell Giphy to prevent Facebook from potentially monopolizing access to the animated images. 

Meta appealed the decision to the Competition Appeal Tribunal (CAT), arguing six grounds. All but one of them – known as Ground 4 – were dismissed by the tribunal's judges this week. And even then only one part of Ground 4 was upheld: the second element.

Opinion Consulting giant McKinsey & Company has been playing a round of MythBusters: Metaverse Edition.

Though its origins lie in the 1992 sci-fi novel Snow Crash, the metaverse has been heavily talked about in business circles as if it's a real thing over the last year or so, peaking with Facebook's Earth-shattering rebrand to Meta in October 2021.

The metaverse, in all but name, is already here and has been for some time in the realm of online video games. However, Meta CEO Mark Zuckerberg's vision of it is not.

An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.

Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022. 

The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers. 

Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal. 

DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.

That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck. 

A bipartisan group of US lawmakers has proposed legislation that would likely force Alphabet's Google, Meta's Facebook, and Amazon to divest portions of their ad businesses.

The bill, called the Competition and Transparency in Digital Advertising Act (CTDA), was introduced on Thursday by Senator Mike Lee (R-UT), with the participation of Senators Amy Klobuchar (D-MN), Ted Cruz (R-TX), and Richard Blumenthal (D-CT).

The bill would prevent large ad companies from participating on different sides of the ad transaction chain. Large ad firms could operate supply-side brokers selling publisher ad space, demand-side brokers selling ads, or ad exchanges connecting buyers and sellers – but not more than one of these.

At Meta's first Conversations keynote yesterday, the company announced the WhatsApp Cloud API, aimed at improving the customer service experience for businesses of all sizes.

Meta already has the WhatsApp Business API, the first revenue-generating enterprise product for the otherwise free messaging app, where companies pay WhatsApp on a per-message basis and can use the platform to direct customer communications to other lines like SMS, email, other apps, and more.

It's basically another online presence where enterprises can set up shop to make it easier for customers to get in touch. But the WhatsApp Business API is on-premises and would normally need a solutions provider like Twilio to facilitate back-end integration.

A newly implemented e-commerce rating system in the city-state of Singapore has rated Facebook's Marketplace as the least trustworthy e-commerce platform, behind Amazon and its Alibaba-owned Asian analogue Lazada.

The ratings system, known as the E-commerce Marketplace Transaction Safety Ratings (TSR) [PDF], was launched on May 14th by the Inter-Ministry Committee on Scams (IMCS).

The four-tier rating scheme rates e-commerce players on guarantees of user authenticity, transaction safety, dispute resolution, and ability to act effectively to protect customers.

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Some of these firms are said to have also inadvertently grabbed passwords from these forms.

In a research paper scheduled to appear at the Usenix '22 security conference later this year, authors Asuman Senol (imec-COSIC, KU Leuven), Gunes Acar (Radboud University), Mathias Humbert (University of Lausanne) and Frederik Zuiderveen Borgesius, (Radboud University) describe how they measured data handling in web forms on the top 100,000 websites, as ranked by research site Tranco.

Analysis Here's something that should raise eyebrows in the datacenter world: Facebook parent company Meta has hired a veteran networking chip engineer from Intel to lead silicon design efforts in the internet giant's infrastructure hardware engineering group.

Jon Dama started as director of silicon in May for Meta's infrastructure hardware group, a role that has him "responsible for several design teams innovating the datacenter for scale," according to his LinkedIn profile. In a blurb, Dama indicated that a team is already in place at Meta, and he hopes to "scale the next several doublings of data processing" with them.

Though we couldn't confirm it, we think it's likely that Dama is reporting to Alexis Bjorlin, Meta's vice president of infrastructure hardware who previously worked with Dama when she was general manager of Intel's Connectivity group before serving a two-year stint at Broadcom.

Facebook whistleblowers have alleged that the company deliberately took down the presences of Australian government and emergency services organizations during negotiations on the nation's landmark pay-to-link-to-news laws.

In early 2021, Australia negotiated with Facebook and Google over the News Media Bargaining Code which required both to pay local news outlets for the right to link to their content. Google opposed the Code and embedded links to documents detailing its objections on its home page. Facebook said the Code was so unworkable that it would be forced to stop sharing news links in Australia – and demonstrated the effect by making it impossible for Australians to post such links.

But Facebook's actions also prevented sharing links to organizations like charities or Australia's Bureau of Meteorology in order to improve its negotiating position, according to a Wall Street Journal report that cites documents provided by whistleblowers.