If you're dumb enough to be on Facebook...
...then you deserve what you get.
A bank account-raiding worm has started spreading on Facebook, stealing login credentials as it creeps across the site, security researchers have revealed. Evidence recovered from a command-and-control server used to coordinate the evolving Ramnit worm confirms that the malware has already stolen 45,000 Facebook passwords and …
why is it every time there is a news item that involves facebook, the inevitable "If you're dumb enough to be on Facebook..."
Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.
Facebook is no different to the rest of the internet, only post whatever your happy with the whole of the world seeing.. forget privacy settings... assume they can be or are breached....
Facebook is the perfect medium to keep in contact with the less than perfect technical savvy relatives.
I manage to keep in touch with my "less than perfect technical savvy relatives" via such time honored (but definitely un-whizzy) mechanisms as e-mail and that ol' stand-by, the telephone. Works...perfectly.
Being on Facebook? So now people are labelled dumb because of their hobby? (I know, I know; YHBT).
No, there is a real but different problem to address here; people who use their Facebook credentials to authorize themselves on other websites. That is what I'd describe as something to seriously reconsider.
Because while it may make it easier on you (one authorization to be used on dozens of websites) the risk factor also increases tremendously. Because if something ever goes awry with that single authorization you're not (temporarily?) losing access to one website, but many of them.
Not to mention that this aspect is most likely also what makes it so appealing to try and get into ones social media account. Its not only the social media contents which is at risk here.
Yet I get a feeling that most people don't even realize this hidden risk. Heck; how many of them would actually change their passwords on a regular basis (and I don't mean changing "p4ssw0rD2" into "p4ssw0rD3").
How do you get past a two-factor authorization? Simple. Wait until an action needing the second factor is given, then alter the details behind the scenes. The bank gets the request the malware wants and sends out the second factor request. Depending on the variant, either the user enters the second factor thinking it's for their action when it's really for the malware or a mobile extension of the malware (perhaps orchestrated by alterations made by the PC variant) snags the factor off your phone. Either way, the malware now has clearance to do its dirty work.
If Facebook were to convert all URLs posted on wall messages to ones that are first loaded and checked by Facebook then they would be able to intercept any that link to malware infected sites.
Perhaps Facebook could team up with Google to share the processing and network load thereby doubling our security?
Social media megacorp Meta is the target of a class action suit which claims potentially thousands of medical details of hospital patients were shared with its Facebook brand.
The proposed class action [PDF], filed on Friday, centers on the use of Facebook Pixel, a tool for website marketing and analytics.
An anonymous hospital patient, named John Doe in court papers, is bringing the case — filed in the Northern District of California — alleging Facebook has received patient data from at least 664 hospital systems or medical providers, per the suit.
Judges in the UK have dismissed the majority of an appeal made by Facebook parent Meta to overturn a watchdog's decision to order the social media giant to sell Giphy for antitrust reasons.
Facebook acquired GIF-sharing biz Giphy in May 2020. But Blighty's Competition Markets Authority (CMA) wasn't happy with the $400 million deal, arguing it gave Mark Zuckerberg's empire way too much control over the distribution of a lot of GIFs. After the CMA launched an official probe investigating the acquisition last June, it ordered Meta to sell Giphy to prevent Facebook from potentially monopolizing access to the animated images.
Meta appealed the decision to the Competition Appeal Tribunal (CAT), arguing six grounds. All but one of them – known as Ground 4 – were dismissed by the tribunal's judges this week. And even then only one part of Ground 4 was upheld: the second element.
Facebook parent Meta has settled a complaint brought by the US government, which alleged the internet giant's machine-learning algorithms broke the law by blocking certain users from seeing online real-estate adverts based on their nationality, race, religion, sex, and marital status.
Specifically, Meta violated America's Fair Housing Act, which protects people looking to buy or rent properties from discrimination, it was claimed; it is illegal for homeowners to refuse to sell or rent their houses or advertise homes to specific demographics, and to evict tenants based on their demographics.
This week, prosecutors sued Meta in New York City, alleging the mega-corp's algorithms discriminated against users on Facebook by unfairly targeting people with housing ads based on their "race, color, religion, sex, disability, familial status, and national origin."
Opinion Consulting giant McKinsey & Company has been playing a round of MythBusters: Metaverse Edition.
Though its origins lie in the 1992 sci-fi novel Snow Crash, the metaverse has been heavily talked about in business circles as if it's a real thing over the last year or so, peaking with Facebook's Earth-shattering rebrand to Meta in October 2021.
The metaverse, in all but name, is already here and has been for some time in the realm of online video games. However, Meta CEO Mark Zuckerberg's vision of it is not.
Facebook owner Meta's pivot to the metaverse is drawing significant amounts of resources: not just billions in case, but time. The tech giant has demonstrated some prototype virtual-reality headsets that aren't close to shipping and highlight some of the challenges that must be overcome.
The metaverse is CEO Mark Zuckerberg's grand idea of connected virtual worlds in which people can interact, play, shop, and work. For instance, inhabitants will be able to create avatars to represent themselves, wearing clothes bought using actual money – with designer gear going for five figures.
Apropos of nothing, Meta COO Sheryl Sandberg is leaving the biz.
An ongoing phishing campaign targeting Facebook users may have already netted hundreds of millions of credentials and a claimed $59 million, and it's only getting bigger.
Identified by security researchers at phishing prevention company Pixm in late 2021, the campaign has only been running since the final quarter of last year, but has already proven incredibly successful. Just one landing page - out of around 400 Pixm found - got 2.7 million visitors in 2021, and has already tricked 8.5 million viewers into visiting it in 2022.
The flow of this phishing campaign isn't unique: Like many others targeting users on social media, the attack comes as a link sent via DM from a compromised account. That link performs a series of redirects, often through malvertising pages to rack up views and clicks, ultimately landing on a fake Facebook login page. That page, in turn, takes the victim to advert landing pages that generate additional revenue for the campaign's organizers.
Cambridge Analytica is back to haunt Mark Zuckerberg: Washington DC's Attorney General filed a lawsuit today directly accusing the Meta CEO of personal involvement in the abuses that led to the data-slurping scandal.
DC AG Karl Racine filed [PDF] the civil suit on Monday morning, saying his office's investigations found ample evidence Zuck could be held responsible for that 2018 cluster-fsck. For those who've put it out of mind, UK-based Cambridge Analytica harvested tens of millions of people's info via a third-party Facebook app, revealing a – at best – somewhat slipshod handling of netizens' privacy by the US tech giant.
That year, Racine sued Facebook, claiming the social network was well aware of the analytics firm's antics yet failed to do anything meaningful until the data harvesting was covered by mainstream media. Facebook repeatedly stymied document production attempts, Racine claimed, and the paperwork it eventually handed over painted a trail he said led directly to Zuck.
A bipartisan group of US lawmakers has proposed legislation that would likely force Alphabet's Google, Meta's Facebook, and Amazon to divest portions of their ad businesses.
The bill, called the Competition and Transparency in Digital Advertising Act (CTDA), was introduced on Thursday by Senator Mike Lee (R-UT), with the participation of Senators Amy Klobuchar (D-MN), Ted Cruz (R-TX), and Richard Blumenthal (D-CT).
The bill would prevent large ad companies from participating on different sides of the ad transaction chain. Large ad firms could operate supply-side brokers selling publisher ad space, demand-side brokers selling ads, or ad exchanges connecting buyers and sellers – but not more than one of these.
At Meta's first Conversations keynote yesterday, the company announced the WhatsApp Cloud API, aimed at improving the customer service experience for businesses of all sizes.
Meta already has the WhatsApp Business API, the first revenue-generating enterprise product for the otherwise free messaging app, where companies pay WhatsApp on a per-message basis and can use the platform to direct customer communications to other lines like SMS, email, other apps, and more.
It's basically another online presence where enterprises can set up shop to make it easier for customers to get in touch. But the WhatsApp Business API is on-premises and would normally need a solutions provider like Twilio to facilitate back-end integration.
A newly implemented e-commerce rating system in the city-state of Singapore has rated Facebook's Marketplace as the least trustworthy e-commerce platform, behind Amazon and its Alibaba-owned Asian analogue Lazada.
The ratings system, known as the E-commerce Marketplace Transaction Safety Ratings (TSR) [PDF], was launched on May 14th by the Inter-Ministry Committee on Scams (IMCS).
The four-tier rating scheme rates e-commerce players on guarantees of user authenticity, transaction safety, dispute resolution, and ability to act effectively to protect customers.
Biting the hand that feeds IT © 1998–2022