Shopping cart other than OSCommerce? [LONG]

Karl Vogel vogelke+unix at
Wed Dec 8 21:15:04 UTC 2010

>> On Tue, 7 Dec 2010 21:23:04 -0700, 
>> "Dale Scott" <dalescott at> said:

D> I'll interpret that as saying a large percentage of the PHP apps vying
D> for your attention are crap, but buyer beware. Just be careful, have a
D> healthy level of scepticism, and keep your eyes open.


D> I don't know anything about Facebook other than it's PHP-based, but I'm
D> sure we'd hear about it being hacked on a regular basis if it was.
   Microsoft and Facebook Team Up to Put the Kibosh on Koobface
   Mon, 6 Apr 2009

   Microsoft and Facebook are working together to protect users from the
   Koobface worm.  Koobface spreads through Facebook and MySpace social
   networking sites and infects users who run vulnerable versions of
   Windows.  It steals login information so it can hijack accounts and spam
   users' contact lists.

   The spam usually contains a link to what is billed as a video, but users
   who click the link are told they must download a program to watch the clip.
   If users agree to the download, their machines become infected with malware.
   Microsoft has added Koobface to its Malicious Software Removal Tool (MSRT),
   which removed nearly 200,000 instances of Koobface from more than 133,000
   computers in two weeks.
   Another Phishing Attack Targets Facebook Users
   Fri, 15 May 2009

   Users of the social networking site Facebook have been subjected to another
   phishing attack.  The attackers gained access to the social networking
   site by using legitimate user accounts and then directing the contacts
   of the compromised accounts to websites containing malicious software.
   The attackers ostensibly gained access to the initial accounts by exploiting
   easy-to-guess passwords.
   IT Managers Feel Pressured to Relax Security Policies
   Wed, 20 May 2009

   According to a recent survey of 1,300 IT managers, 86 percent said
   they were being pressured by company executives, marketing departments,
   and sales departments to relax web security policies to allow access to
   web-based platforms such as Google Apps.  Nearly half of respondents said
   some employees bypass security policies to access services like Twitter
   and Facebook.  More than half of the respondents noted that they lacked the
   means to detect embedded malicious code and prevent URL redirect attacks.
   Attack on Twitter and Facebook Was a "JoeJob"
   6-10 Aug 2009

   The denial-of-service attacks that hobbled Twitter and Facebook last week
   were not conducted through botnets, but instead were the result of a spam
   campaign aimed at a taking out accounts that belong to a pro-Republic of
   Georgia blogger.
   Facebook Will Strengthen Privacy Practices
   27-28 Aug 2009

   In response to an investigation launched by Canada's Office of the Privacy
   Commissioner, Facebook has agreed to give users more control about the
   information they share with third-party applications.  The applications will
   be required to get permission from users for every category of personal
   information they want to access.  In addition, users will have the option
   to deactivate or to even to delete their accounts.  If users delete their
   accounts, all information belonging to that user will be deleted from
   Facebook servers.
   Spammers Break Facebook CAPTCHA
   Thu, 1 Oct 2009

   Malware purveyors have managed to break the Facebook CAPTCHA (completely
   automated public Turing test to tell computers and humans apart), allowing
   them to automate the creation of Facebook pages.  The malicious pages are
   being used to send links to malicious websites that promote scareware.
   The pages all have the same photograph, but have different user names.
   Facebook is taking steps to identify the rogue pages and disable them.
   Rogue Marketers Can Mine Your Info on Facebook
   Ryan Singel
   Tue, 5 Jan 2010

   A marketer can take a list of 1,000 e-mail addresses, either legally or
   illegally collected -- and upload those to Facebook through a dummy
   account -- which then lets the user see all the profiles created using
   those addresses.  Given Facebook's ubiquity and most people's reliance
   on a single e-email address, the harvest could be quite rich.
   Facebook Group Page Has Links to Malware-Laced Sites
   Mon, 11 Jan 2010

   Miscreants intent on spreading malware appear to be preying on people's
   unfounded fears that Facebook plans to begin charging users for its
   services.  A Facebook group that appears to offer a place for people to
   protest the rumored fees has been shown to contain malware.  The group pages
   themselves appear to be clean, but link to suspicious sites. has
   posted a warning about the deceptive groups and associated pages.
   Spammers Go After Facebook Users
   Thu, 18 Mar 2010

   Spammers have been targeting Facebook members with data-stealing malware.
   The malicious messages appear to come from legitimate senders, but the
   return address is spoofed.  The messages tell recipients that their
   Facebook passwords have been reset and that they need to download an
   attachment that contains the new password.  Although many users may know
   by now that websites would not reset passwords and email the new ones,
   because Facebook's user base is so large, the attackers appear to be
   hoping that at least some will fall for the ruse.
   Facebook Further Reduces Your Control Over Personal Information
   Kurt Opsahl
   Mon, 19 Apr 2010

   Today, Facebook removed its users' ability to control who can see their
   own interests and personal information.  Certain parts of users' profiles,
   "including your current city, hometown, education and work, and likes and
   interests" will now be transformed into "connections," meaning that they
   will be shared publicly.  If you don't want these parts of your profile to
   be made public, your only option is to delete them.
   1.5 million Facebook accounts offered for sale
   Dancho Danchev
   Sat, 24 Apr 2010

   VeriSign's iDefense Intelligence Operations Team has spotted an underground
   market ad offering 1.5 million Facebook accounts for sale.  The pricing
   method is based on the number of contacts per compromised account,
   presumably with the idea to allow easier spreading of related malicious
   content across Facebook.
   Facebook Should Follow Its Own Principles
   Kurt Opsahl
   Thu, 13 May 2010

   If you decide to leave by deactivating your account, information is saved
   in case you decide to reactivate later.  Even if you delete your Facebook
   account, you have to wait 14 days and even then Messages and Wall posts
   remain.  The Facebook Principles are much clearer: Users have the right to
   "take [their data] with them anywhere they want, including removing it from
   the Facebook Service."  Facebook is not living up to its promises.
   "Deleted" Facebook photos actually aren't
   Ars Technica staff
   Tue, 12 Oct 2010

   We wrote a piece more than a year ago examining whether photos really
   disappear from social network servers when you delete them, and found
   that Facebook was one of the worst offenders when it came to leaving
   "deleted" photos online.  We decided to revisit the issue recently when
   readers continued to point out that our deleted photos from that article
   were still online more than 16 months later.
   Facebook Faces Another Privacy Breach
   Mon, 18 Oct 2010

   The privacy of many users on Facebook has been compromised by a number
   of popular applications, or apps, used on the social networking site.
   An investigation by the Wall Street Journal identified a number of apps that
   access Facebook members' personal details, even if their privacy settings
   were set to the most restrictive allowed within the social network.

   According to the report, up to 25 advertising and data gathering firms
   were exploiting the issue to enable them access the name of the persons
   using certain apps, and in some cases the names of those persons'
   friends.  One company, Rapleaf, was also found to have combined the user
   data accessed in Facebook with its own database of internet users.
   Rapleaf admitted that some of this information was also transmitted to
   other third parties, but claimed that this transmission was accidental.
   Facebook has responded by saying it will implement a solution to prevent
   this type of access to user data.
   Facebook to Employ Encryption to Protect User IDs
   Mon, 25 Oct 2010

   Facebook says it will use encryption and other data protection measures
   following reports that users' data were being shared with third parties.
   Facebook policy forbids application developers from sharing Facebook User
   IDs (UIDs) with third parties, but the company said that "some developers
   were inadvertently sharing [the data] via the HTTP Referrer header."
   Firefox Extension Makes it Easy to Steal Cookies
   Mon, 25 Oct 2010

   At the ToorCon 12 conference in San Diego, researchers presented a
   proof-of-concept Firefox extension that is capable of stealing session
   cookies from Facebook, Twitter and other accounts on unencrypted Web 2.0
   sites on open wireless networks.
   Facebook Bans Developers for Selling User IDs
   Mon, 1 Nov 2010

   Facebook has banned a number of developers from connecting to the social
   network for six months after it learned that they had been selling user
   information to data brokers.

Karl Vogel                      I don't speak for the USAF or my company

More information about the freebsd-questions mailing list