Facebook vows 'consequences' for extreme porn scammers

Facebook officials have tracked down the scammers responsible for deluging the social network with images depicting bestiality, self-mutilation and other depravity and are vowing to seek swift justice. As previously reported, Facebook has blamed the torrent of extreme smut on a "self-XSS vulnerability in the browser" that …


  1. Pirate Dave Silver badge


    OMG! They're going to banish the miscreants to MySpace as punishment...

    1. Sartori

      That's a bit harsh!!!

  2. Buzzword

    Facebook design flaw

    There shouldn't be such a thing as "content which is visible to others but not to the user whose account was used to spread it". If they could see what they'd done, they would delete it immediately and it wouldn't spread. So this is essentially a security hole.

    1. Anonymous Coward
      Yep. For example, how many people realise that Guardian/Independent/Spotify users get their reading/listening history posted to their friends' walls?

      It's quite surprising what some people read/listen to...

  3. Rafael 1

    Wallace was criminally charged with hacking more than 500 million Facebook accounts.

    500 million accounts? Wow!


  4. Exit Stage Right


    The only spam I saw was all the messages (on people's walls) telling me about the spam. Not that they realised for this to happen they had to click on the link and therefore be the creator of their own problem.

  5. Richard Pennington 1

    ... "and then enter JavaScript into their URL bar" ...

    In other words, Facebook does not correctly sanitise the user input into the URL bar.

    Security FAIL on Facebook's part - this is fairly elementary stuff.

    1. Anonymous Coward
      No, it has nothing to do with Facebook

      >"Facebook does not correctly sanitise the user input into the URL bar"

      Facebook doesn't have any chance to sanitise the "user input into the URL bar". Your browser parses that directly, and if it's a javascript: URL rather than an http(s): URL, nothing gets sent to Facebook; it's all executed immediately and locally in your browser.

  6. Destroy All Monsters Silver badge

    Smut Torrent and Self-injected Javascript: The Connection.

    I'm sure there are some good tagline possibilities here.

  7. James O'Brien

    Uhhh Dan?

    "Earlier this year, Wallace was criminally charged with hacking more than 500 million Facebook accounts."

    And then this from your earlier article, which was linked BTW,

    "One of the first figures to plaster the internet with millions of spam messages before being driven underground has been criminally charged for hacking some 500,000 Facebook accounts, stealing their personal information, and sending 27 million unwanted advertisements."

    Normally you're rather on top of information, but for you not to remember what it was that you wrote? Shame on you :P

  8. Tom 38

    Is this what it takes to get your account deleted on Facebook?

    As title.

