All posts tagged ‘facebook’

File Under: privacy, Security, Social

Worm Steals 45,000 Facebook Login Credentials, Infects Victims’ Friends

A worm previously used to commit financial fraud is now stealing Facebook login credentials, compromising at least 45,000 Facebook accounts with the goals of transmitting malicious links to victims’ friends and gaining remote access to corporate networks.

The security company Seculert has been tracking the progress of Ramnit, a worm first discovered in April 2010, and described by Microsoft as “multi-component malware that infects Windows executable files, Microsoft Office files and HTML files” in order to steal “sensitive information such as saved FTP credentials and browser cookies.” Ramnit has previously been used to “bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions, compromise online banking sessions and penetrate several corporate networks,” Seculert says.

Recently, Seculert set up a sinkhole and discovered that 800,000 machines were infected between September and December. Moreover, Seculert found that more than 45,000 Facebook login credentials, mostly in the UK and France, were stolen by a new variant of the worm.

“We suspect that the attackers behind Ramnit are using the stolen credentials to log-in to victims’ Facebook accounts and to transmit malicious links to their friends, thereby magnifying the malware’s spread even further,” Seculert said. “In addition, cybercriminals are taking advantage of the fact that users tend to use the same password in various web-based services (Facebook, Gmail, Corporate SSL VPN, Outlook Web Access, etc.) to gain remote access to corporate networks.”

Facebook fraud, of course, is nothing new. Facebook itself has acknowledged seeing 600,000 compromised logins each day, although that accounts for just 0.06 percent of the one billion Facebook logins each day.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

File Under: Identity, privacy, Social

Facebook Wants Your Past, Present, and Future On Open Graphs and Timelines

Facebook will soon allow its users to integrate all of their music, media, and lifestyle actions and interactions with their profiles, Mark Zuckerberg announced at Facebook’s f8 conference yesterday. Connecting profiles to services like Spotify will allow users to fill out their own curated “Timeline,” so friends can see each others’ media activities both as individuals and aggregated over their entire network, a move that will explode the amount of content on the site.

The new arrangement is part of two new Facebook initiatives, one of which is the Timeline. Users can fill in their Timelines with both content pulled in from other services — say, an article “liked” on Ars Technica or a game played — as well as “real world” activities like photos or status updates. The real world content can be filtered by date into the timeline, so users can fill in their backstory on the site with everything that happened before Facebook existed: moves to a new city, first words as a baby, or every single relationship breakup pre-2004.

Once in place, the timeline will be the new News Feed, with friends’ updates streaming past. But not everything will make it into the Timeline: small updates, like what music friends are listening to, may be relegated to the Ticker, the integrated online friends/status update bar rolled out Wednesday. Users will be able to choose which activities are significant enough to appear in their timelines.

Zuckerberg also placed emphasis on the new use of verbs in timelines, which will allow people to sort their friends activities in different ways. For instance, with a status update reading “Casey Johnston is watching Veronica Mars for the millionth time,” users will be able to click both “watching” to see what else friends are viewing at the moment, or “Veronica Mars” to see a list of other friends who like Veronica Mars.

These updates will feed into the second new feature, Facebook Open Graph, which collects and ranks the the activities or items that friends are interacting with. Apps that integrate with Facebook will be sorted in Open Graph based on popularity with a user and his or her friends, including Spotify, Hulu, Netflix, Foodspotting, Vevo, and Nike+, among many others. Open Graph is intended to help with app discoverability, showing users what their friends are doing without flooding their feeds every time a friend kills a mobster or plants a new crop of corn.

When Timeline was introduced, Chris Cox, director of product at Facebook, noted that “there is nothing we love to summarize more than time itself,” stating that with the new features it would be possible for users to create months or years in review.

Of course, Facebook’s entire motivation isn’t just for friends to become more intimate with each others’ past and present. Daniel Ek, Spotify CEO, spoke briefly at the conference, and noted that “because our [Spotify's] playlists are social, they [users] are more engaged. And because they are engaged, they are more than twice as likely to pay for music.” For Spotify, which boasted 2 million paying members worldwide as of Wednesday, the exposure to the better part of a billion Facebook members could mean big bucks.

The new completionist Facebook is a significant departure from what Facebook’s most avid competitors, Google+ and Twitter, currently offer on their sites. If Facebook can get users to buy into putting their whole life histories on the site, the amount of content there will explode, and create an investment and representation of self users won’t be likely to abandon. And with more content comes more opportunities to target ads.

The beta for Facebook’s timelines begins today, with availability being rolled out gradually. Neither Zuckerberg nor any of the speakers mentioned a timeline for the new version, but we expect it will be sooner rather than later.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

File Under: Browsers, Security

Secure Firefox With New HTTPS Everywhere Add-on

Earlier this year, the Firefox add-on Firesheep created quite a controversy by making it easy to capture unencrypted web traffic.

Firesheep sniffs unencrypted cookies sent across open wi-fi networks. That means anyone with Firesheep installed can watch your browsing sessions while you lounge at Starbucks and grab your log-in credentials for Facebook, Twitter or other popular sites. Armed with those credentials, anyone using Firesheep can essentially masquerade as you all over the web, logging in to other social sites, blogs and news sites using your Facebook or Twitter username and password.

None of Firesheep’s mechanisms are new. But Firesheep made sniffing web traffic point-and-click simple — it was suddenly dead easy to do something that used to require a good bit of hacking knowledge.

The best way to protect yourself from Firesheep is simply avoid connecting to unencrypted sites when you’re on an open wi-fi network. That means making sure that you connect over HTTPS rather than HTTP everywhere you surf. But sadly, doing so is complicated and depends on which site you’re trying to connect to.

That’s where the Electronic Frontier Foundation’s HTTPS Everywhere Firefox add-on comes in. The extension makes it easy to ensure you’re connecting to secure sites by rewriting all requests to an HTTPS URL whenever you visit one of the sites it supports.

Of course if the website you’d like to visit doesn’t support HTTPS, there’s nothing the add-on can do, but for many big sites — Twitter, Facebook, Google, PayPal, The New York Times, Bit.ly, Amazon — HTTPS Everywhere automates the process for you.

With HTTPS Everywhere installed, if you type “twitter.com” in the Firefox URL bar, the browser will automatically connect to https://twitter.com rather than http://twitter.com.

That’s a good start, but it won’t completely protect you from anyone sniffing with Firesheep. The latest beta release of HTTPS Everywhere, released over the long weekend, improves the add-on’s protection against Firesheep, but you’ll need to do some extra stuff.

First, head the HTTPS Everywhere preferences (Tools -> Add Ons -> HTTPS Everywhere -> Preferences) and check the “Facebook+” rule. Then install the Adblock Plus extension and use it to block the insecure http:// advertisements and tracking sites that Facebook (and other sites) sometimes include. There are more instructions on the EFF’s site.

Now you can browse Facebook at the coffee shop in relative peace. Certain parts of Facebook may not work properly — some applications can’t use HTTPS, and the chat app won’t work — but at least you aren’t broadcasting your login credentials to anyone who wants to listen. The EFF says it has alerted Facebook to the incompatibilities, and that it’s waiting for Facebook to fix them.

See Also:

File Under: Browsers, Social

First Look at RockMelt, a Browser Built For Facebook Freaks

The rumor mill has been buzzing for months about the imminent arrival of a new “Facebook browser” called RockMelt.

Well, it really does exist, and it’s here. RockMelt is being released as a limited public beta Sunday. Anyone can sign up to test it out, but the release will be throttled so as not to overload the cloud-based components of the app. RockMelt will be doling out download links as quickly as it can manage on a first-come, first-served basis.

The two founders, CEO Eric Vishria and CTO Tim Howes, demonstrated RockMelt to Wired a few days before Sunday’s launch.

It’s based on Chromium, so it inherits Google Chrome’s speed, looks, and basic functionality on both Mac and Windows.

And while its Facebook integration runs deep, RockMelt is not exactly a Facebook browser. It’s a social web browser, allowing you to post links, videos and status updates to both Facebook and Twitter (that’s it for now, but more services will be added later). There are also built-in clients for consuming your Facebook feed and managing multiple Twitter feeds, a chat client, and lightweight RSS reader. It does use your Facebook account to personalize the experience, but its reach is broader than just Facebook.

We’ve seen browsers custom-built for the social web before, most notably Flock, which launched as a MySpaced-up version of Firefox. Mozilla experimented with Ubiquity, an in-browser tool for posting to different social sites and interacting with web services. There are a number of add-ons that can embed social networking dashboards into the browser for you. These tools have grown in popularity as we’ve struggled to manage the ever-increasing flow of links, media and bits shared by our online friends.

So, the idea isn’t original. And RockMelt doesn’t sport a complete re-invention of the browser interface, either. But it is very streamlined, and there are some key elements that people who live and breathe the social web will find intriguing.

Continue Reading “First Look at RockMelt, a Browser Built For Facebook Freaks” »

File Under: Social, Web Apps

ThinkUp Adds Color, Depth to Your Social Network Stats

If you’ve ever wanted to archive your social network activity, store in your own database and pull all sorts of interesting visualizations out of it, then the new ThinkUp app is what you’ve been waiting for.

ThinkUp is one part metrics app — tracking which of your posts are most popular, for example — and one part cross-network aggregator. It offers features you won’t find on Twitter or Facebook, like a detailed “conversation view” of exchanges with other users. ThinkUp also acts as a backup for your social network data, pulling it into your own database. It even offers CSV files for creating your own spreadsheets.

Since it archives all of your activity, ThinkUp is an especially useful tool for those of us who like to maintain control over our own data. It takes stuff that would otherwise only live in the various networks’ silos and copies it to a database where we’re the administrator. So if we want to ditch Twitter or Facebook in some distant future where those companies start acting against our best interests, we don’t lose the massive stores of updates, links, photos and, most importantly, friend relationships we’ve already set up. And in the meantime, it lets us have fun with all the data it’s archiving.

Although ThinkUp is still a beta release, we took the code for a spin and found it to be stable enough to be useful. At the moment, it only supports Twitter and Facebook data, but ThinkUp plans to add additional social networks in the future, including LinkedIn, Flickr, YouTube and Google Buzz. If you’d like to try out the limited beta, head over to Github and grab the code. You may notice it’s a project published by Gina Trapani, the former Lifehacker editor who is now an independent author, blogger and programmer.

Continue Reading “ThinkUp Adds Color, Depth to Your Social Network Stats” »