Shopping cart other than OSCommerce? [LONG]
Jerry McAllister
jerrymc at msu.edu
Wed Dec 8 21:30:29 UTC 2010
On Wed, Dec 08, 2010 at 04:13:25PM -0500, Karl Vogel wrote:
> >> On Tue, 7 Dec 2010 21:23:04 -0700,
> >> "Dale Scott" <dalescott at shaw.ca> said:
>
> D> I'll interpret that as saying a large percentage of the PHP apps vying
> D> for your attention are crap, but buyer beware. Just be careful, have a
> D> healthy level of scepticism, and keep your eyes open.
>
> Yup.
>
> D> I don't know anything about Facebook other than it's PHP-based, but I'm
> D> sure we'd hear about it being hacked on a regular basis if it was.
Interesting. Looks like most of these depend on the bad judgement
of the user to respond to phishing and similar attacks rather than
a flaw in the PHP code, though once the user makes the mistake
they [unknowingly] allow the attack to insert malware.
////jerry
> http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=216403016
> Microsoft and Facebook Team Up to Put the Kibosh on Koobface
> Mon, 6 Apr 2009
>
> Microsoft and Facebook are working together to protect users from the
> Koobface worm. Koobface spreads through Facebook and MySpace social
> networking sites and infects users who run vulnerable versions of
> Windows. It steals login information so it can hijack accounts and spam
> users' contact lists.
>
> The spam usually contains a link to what is billed as a video, but users
> who click the link are told they must download a program to watch the clip.
> If users agree to the download, their machines become infected with malware.
> Microsoft has added Koobface to its Malicious Software Removal Tool (MSRT),
> which removed nearly 200,000 instances of Koobface from more than 133,000
> computers in two weeks.
> ------------
>
> http://www.theregister.co.uk/2009/05/15/facebook_phishing_scam/
> http://technology.timesonline.co.uk/tol/news/tech_and_web/article6294169.ece
> Another Phishing Attack Targets Facebook Users
> Fri, 15 May 2009
>
> Users of the social networking site Facebook have been subjected to another
> phishing attack. The attackers gained access to the social networking
> site by using legitimate user accounts and then directing the contacts
> of the compromised accounts to websites containing malicious software.
> The attackers ostensibly gained access to the initial accounts by exploiting
> easy-to-guess passwords.
> ------------
>
> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1356896,00.html
> IT Managers Feel Pressured to Relax Security Policies
> Wed, 20 May 2009
>
> According to a recent survey of 1,300 IT managers, 86 percent said
> they were being pressured by company executives, marketing departments,
> and sales departments to relax web security policies to allow access to
> web-based platforms such as Google Apps. Nearly half of respondents said
> some employees bypass security policies to access services like Twitter
> and Facebook. More than half of the respondents noted that they lacked the
> means to detect embedded malicious code and prevent URL redirect attacks.
> ------------
>
> http://www.theregister.co.uk/2009/08/07/twitter_attack_theory/
> Attack on Twitter and Facebook Was a "JoeJob"
> 6-10 Aug 2009
>
> The denial-of-service attacks that hobbled Twitter and Facebook last week
> were not conducted through botnets, but instead were the result of a spam
> campaign aimed at taking out accounts that belong to a pro-Republic of
> Georgia blogger.
> ------------
>
> http://www.scmagazineus.com/Facebook-to-modify-privacy-practices-after-investigation/article/147556/
> http://technology.timesonline.co.uk/tol/news/tech_and_web/article6812783.ece
> Facebook Will Strengthen Privacy Practices
> 27-28 Aug 2009
>
> In response to an investigation launched by Canada's Office of the Privacy
> Commissioner, Facebook has agreed to give users more control about the
> information they share with third-party applications. The applications will
> be required to get permission from users for every category of personal
> information they want to access. In addition, users will have the option
> to deactivate or even to delete their accounts. If users delete their
> accounts, all information belonging to that user will be deleted from
> Facebook servers.
> ------------
>
> http://www.computerworld.com/s/article/9138780/Facebook_Captchas_broken_?source=rss_security
> Spammers Break Facebook CAPTCHA
> Thu, 1 Oct 2009
>
> Malware purveyors have managed to break the Facebook CAPTCHA (completely
> automated public Turing test to tell computers and humans apart), allowing
> them to automate the creation of Facebook pages. The malicious pages are
> being used to send links to malicious websites that promote scareware.
> The pages all have the same photograph, but have different user names.
> Facebook is taking steps to identify the rogue pages and disable them.
> ------------
>
> http://www.wired.com/epicenter/2010/01/facebook-email/
> Rogue Marketers Can Mine Your Info on Facebook
> Ryan Singel
> Tue, 5 Jan 2010
>
> A marketer can take a list of 1,000 e-mail addresses, either legally or
> illegally collected -- and upload those to Facebook through a dummy
> account -- which then lets the user see all the profiles created using
> those addresses. Given Facebook's ubiquity and most people's reliance
> on a single e-mail address, the harvest could be quite rich.
> ------------
>
> http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/
> http://www.snopes.com/computer/internet/fbcharge.asp
> Facebook Group Page Has Links to Malware-Laced Sites
> Mon, 11 Jan 2010
>
> Miscreants intent on spreading malware appear to be preying on people's
> unfounded fears that Facebook plans to begin charging users for its
> services. A Facebook group that appears to offer a place for people to
> protest the rumored fees has been shown to contain malware. The group pages
> themselves appear to be clean, but link to suspicious sites. Snopes.com has
> posted a warning about the deceptive groups and associated pages.
> ------------
>
> http://www.pcworld.com/businesscenter/article/191847/facebook_users_targeted_in_massive_spam_run.html
> http://news.cnet.com/8301-27080_3-20000682-245.html
> Spammers Go After Facebook Users
> Thu, 18 Mar 2010
>
> Spammers have been targeting Facebook members with data-stealing malware.
> The malicious messages appear to come from legitimate senders, but the
> return address is spoofed. The messages tell recipients that their
> Facebook passwords have been reset and that they need to download an
> attachment that contains the new password. Although many users may know
> by now that websites would not reset passwords and email the new ones,
> because Facebook's user base is so large, the attackers appear to be
> hoping that at least some will fall for the ruse.
> ------------
>
> http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information
> Facebook Further Reduces Your Control Over Personal Information
> Kurt Opsahl
> Mon, 19 Apr 2010
>
> Today, Facebook removed its users' ability to control who can see their
> own interests and personal information. Certain parts of users' profiles,
> "including your current city, hometown, education and work, and likes and
> interests" will now be transformed into "connections," meaning that they
> will be shared publicly. If you don't want these parts of your profile to
> be made public, your only option is to delete them.
> ------------
>
> http://blogs.zdnet.com/security/?p=6304
> 1.5 million Facebook accounts offered for sale
> Dancho Danchev
> Sat, 24 Apr 2010
>
> VeriSign's iDefense Intelligence Operations Team has spotted an underground
> market ad offering 1.5 million Facebook accounts for sale. The pricing
> method is based on the number of contacts per compromised account,
> presumably with the idea to allow easier spreading of related malicious
> content across Facebook.
> ------------
>
> http://www.eff.org/deeplinks/2010/05/facebook-should-follow
> Facebook Should Follow Its Own Principles
> Kurt Opsahl
> Thu, 13 May 2010
>
> If you decide to leave by deactivating your account, information is saved
> in case you decide to reactivate later. Even if you delete your Facebook
> account, you have to wait 14 days and even then Messages and Wall posts
> remain. The Facebook Principles are much clearer: Users have the right to
> "take [their data] with them anywhere they want, including removing it from
> the Facebook Service." Facebook is not living up to its promises.
> ------------
>
> http://arstechnica.com/web/news/2010/10/facebook-may-be-making-strides.ars
> "Deleted" Facebook photos actually aren't
> Ars Technica staff
> Tue, 12 Oct 2010
>
> We wrote a piece more than a year ago examining whether photos really
> disappear from social network servers when you delete them, and found
> that Facebook was one of the worst offenders when it came to leaving
> "deleted" photos online. We decided to revisit the issue recently when
> readers continued to point out that our deleted photos from that article
> were still online more than 16 months later.
> ------------
>
> http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html
> http://www.theregister.co.uk/2010/10/18/facebook_apps_privacy_breach
> http://www.bbc.co.uk/newsbeat/11565948
> http://www.net-security.org/secworld.php?id=10005
> Facebook Faces Another Privacy Breach
> Mon, 18 Oct 2010
>
> The privacy of many users on Facebook has been compromised by a number
> of popular applications, or apps, used on the social networking site.
> An investigation by the Wall Street Journal identified a number of apps that
> access Facebook members' personal details, even if their privacy settings
> were set to the most restrictive allowed within the social network.
>
> According to the report, up to 25 advertising and data gathering firms
> were exploiting the issue to enable them to access the name of the persons
> using certain apps, and in some cases the names of those persons'
> friends. One company, Rapleaf, was also found to have combined the user
> data accessed in Facebook with its own database of internet users.
> Rapleaf admitted that some of this information was also transmitted to
> other third parties, but claimed that this transmission was accidental.
> Facebook has responded by saying it will implement a solution to prevent
> this type of access to user data.
> ------------
>
> http://blogs.sfweekly.com/thesnitch/2010/10/zynga_facebook_lawsuit.php
> http://business.financialpost.com/2010/10/22/13072/
> http://www.computerworld.com/s/article/9192862/Rapleaf_says_it_has_fixed_privacy_issue_with_Facebook?taxonomyId=203
> Facebook to Employ Encryption to Protect User IDs
> Mon, 25 Oct 2010
>
> Facebook says it will use encryption and other data protection measures
> following reports that users' data were being shared with third parties.
> Facebook policy forbids application developers from sharing Facebook User
> IDs (UIDs) with third parties, but the company said that "some developers
> were inadvertently sharing [the data] via the HTTP Referrer header."
> ------------
>
> http://www.computerworld.com/s/article/9192923/New_Firefox_add_on_hijacks_Facebook_Twitter_sessions?taxonomyId=17
> Firefox Extension Makes it Easy to Steal Cookies
> Mon, 25 Oct 2010
>
> At the ToorCon 12 conference in San Diego, researchers presented a
> proof-of-concept Firefox extension that is capable of stealing session
> cookies from Facebook, Twitter and other accounts on unencrypted Web 2.0
> sites on open wireless networks.
> ------------
>
> http://www.bbc.co.uk/news/technology-11665120
> Facebook Bans Developers for Selling User IDs
> Mon, 1 Nov 2010
>
> Facebook has banned a number of developers from connecting to the social
> network for six months after it learned that they had been selling user
> information to data brokers.
>
> --
> Karl Vogel I don't speak for the USAF or my company