Shopping cart other than OSCommerce? [LONG]
Karl Vogel
vogelke+unix at pobox.com
Wed Dec 8 21:15:04 UTC 2010
>> On Tue, 7 Dec 2010 21:23:04 -0700,
>> "Dale Scott" <dalescott at shaw.ca> said:
D> I'll interpret that as saying a large percentage of the PHP apps vying
D> for your attention are crap, but buyer beware. Just be careful, have a
D> healthy level of scepticism, and keep your eyes open.
Yup.
D> I don't know anything about Facebook other than it's PHP-based, but I'm
D> sure we'd hear about it being hacked on a regular basis if it was.
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=216403016
Microsoft and Facebook Team Up to Put the Kibosh on Koobface
Mon, 6 Apr 2009
Microsoft and Facebook are working together to protect users from the
Koobface worm. Koobface spreads through Facebook and MySpace social
networking sites and infects users who run vulnerable versions of
Windows. It steals login information so it can hijack accounts and spam
users' contact lists.
The spam usually contains a link to what is billed as a video, but users
who click the link are told they must download a program to watch the clip.
If users agree to the download, their machines become infected with malware.
Microsoft has added Koobface to its Malicious Software Removal Tool (MSRT),
which removed nearly 200,000 instances of Koobface from more than 133,000
computers in two weeks.
------------
http://www.theregister.co.uk/2009/05/15/facebook_phishing_scam/
http://technology.timesonline.co.uk/tol/news/tech_and_web/article6294169.ece
Another Phishing Attack Targets Facebook Users
Fri, 15 May 2009
Users of the social networking site Facebook have been subjected to another
phishing attack. The attackers gained access to the social networking
site by using legitimate user accounts and then directing the contacts
of the compromised accounts to websites containing malicious software.
The attackers ostensibly gained access to the initial accounts by exploiting
easy-to-guess passwords.
------------
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1356896,00.html
IT Managers Feel Pressured to Relax Security Policies
Wed, 20 May 2009
According to a recent survey of 1,300 IT managers, 86 percent said
they were being pressured by company executives, marketing departments,
and sales departments to relax web security policies to allow access to
web-based platforms such as Google Apps. Nearly half of respondents said
some employees bypass security policies to access services like Twitter
and Facebook. More than half of the respondents noted that they lacked the
means to detect embedded malicious code and prevent URL redirect attacks.
------------
http://www.theregister.co.uk/2009/08/07/twitter_attack_theory/
Attack on Twitter and Facebook Was a "JoeJob"
6-10 Aug 2009
The denial-of-service attacks that hobbled Twitter and Facebook last week
were not conducted through botnets, but instead were the result of a spam
campaign aimed at taking out accounts that belong to a pro-Republic of
Georgia blogger.
------------
http://www.scmagazineus.com/Facebook-to-modify-privacy-practices-after-investigation/article/147556/
http://technology.timesonline.co.uk/tol/news/tech_and_web/article6812783.ece
Facebook Will Strengthen Privacy Practices
27-28 Aug 2009
In response to an investigation launched by Canada's Office of the Privacy
Commissioner, Facebook has agreed to give users more control about the
information they share with third-party applications. The applications will
be required to get permission from users for every category of personal
information they want to access. In addition, users will have the option
to deactivate or even to delete their accounts. If users delete their
accounts, all information belonging to that user will be deleted from
Facebook servers.
------------
http://www.computerworld.com/s/article/9138780/Facebook_Captchas_broken_?source=rss_security
Spammers Break Facebook CAPTCHA
Thu, 1 Oct 2009
Malware purveyors have managed to break the Facebook CAPTCHA (completely
automated public Turing test to tell computers and humans apart), allowing
them to automate the creation of Facebook pages. The malicious pages are
being used to send links to malicious websites that promote scareware.
The pages all have the same photograph, but have different user names.
Facebook is taking steps to identify the rogue pages and disable them.
------------
http://www.wired.com/epicenter/2010/01/facebook-email/
Rogue Marketers Can Mine Your Info on Facebook
Ryan Singel
Tue, 5 Jan 2010
A marketer can take a list of 1,000 e-mail addresses, either legally or
illegally collected -- and upload those to Facebook through a dummy
account -- which then lets the user see all the profiles created using
those addresses. Given Facebook's ubiquity and most people's reliance
on a single e-mail address, the harvest could be quite rich.
------------
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/
http://www.snopes.com/computer/internet/fbcharge.asp
Facebook Group Page Has Links to Malware-Laced Sites
Mon, 11 Jan 2010
Miscreants intent on spreading malware appear to be preying on people's
unfounded fears that Facebook plans to begin charging users for its
services. A Facebook group that appears to offer a place for people to
protest the rumored fees has been shown to contain malware. The group pages
themselves appear to be clean, but link to suspicious sites. Snopes.com has
posted a warning about the deceptive groups and associated pages.
------------
http://www.pcworld.com/businesscenter/article/191847/facebook_users_targeted_in_massive_spam_run.html
http://news.cnet.com/8301-27080_3-20000682-245.html
Spammers Go After Facebook Users
Thu, 18 Mar 2010
Spammers have been targeting Facebook members with data-stealing malware.
The malicious messages appear to come from legitimate senders, but the
return address is spoofed. The messages tell recipients that their
Facebook passwords have been reset and that they need to download an
attachment that contains the new password. Although many users may know
by now that websites would not reset passwords and email the new ones,
because Facebook's user base is so large, the attackers appear to be
hoping that at least some will fall for the ruse.
------------
http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information
Facebook Further Reduces Your Control Over Personal Information
Kurt Opsahl
Mon, 19 Apr 2010
Today, Facebook removed its users' ability to control who can see their
own interests and personal information. Certain parts of users' profiles,
"including your current city, hometown, education and work, and likes and
interests" will now be transformed into "connections," meaning that they
will be shared publicly. If you don't want these parts of your profile to
be made public, your only option is to delete them.
------------
http://blogs.zdnet.com/security/?p=6304
1.5 million Facebook accounts offered for sale
Dancho Danchev
Sat, 24 Apr 2010
VeriSign's iDefense Intelligence Operations Team has spotted an underground
market ad offering 1.5 million Facebook accounts for sale. The pricing
method is based on the number of contacts per compromised account,
presumably with the idea to allow easier spreading of related malicious
content across Facebook.
------------
http://www.eff.org/deeplinks/2010/05/facebook-should-follow
Facebook Should Follow Its Own Principles
Kurt Opsahl
Thu, 13 May 2010
If you decide to leave by deactivating your account, information is saved
in case you decide to reactivate later. Even if you delete your Facebook
account, you have to wait 14 days and even then Messages and Wall posts
remain. The Facebook Principles are much clearer: Users have the right to
"take [their data] with them anywhere they want, including removing it from
the Facebook Service." Facebook is not living up to its promises.
------------
http://arstechnica.com/web/news/2010/10/facebook-may-be-making-strides.ars
"Deleted" Facebook photos actually aren't
Ars Technica staff
Tue, 12 Oct 2010
We wrote a piece more than a year ago examining whether photos really
disappear from social network servers when you delete them, and found
that Facebook was one of the worst offenders when it came to leaving
"deleted" photos online. We decided to revisit the issue recently when
readers continued to point out that our deleted photos from that article
were still online more than 16 months later.
------------
http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html
http://www.theregister.co.uk/2010/10/18/facebook_apps_privacy_breach
http://www.bbc.co.uk/newsbeat/11565948
http://www.net-security.org/secworld.php?id=10005
Facebook Faces Another Privacy Breach
Mon, 18 Oct 2010
The privacy of many users on Facebook has been compromised by a number
of popular applications, or apps, used on the social networking site.
An investigation by the Wall Street Journal identified a number of apps that
access Facebook members' personal details, even if their privacy settings
were set to the most restrictive allowed within the social network.
According to the report, up to 25 advertising and data gathering firms
were exploiting the issue to enable them to access the name of the persons
using certain apps, and in some cases the names of those persons'
friends. One company, Rapleaf, was also found to have combined the user
data accessed in Facebook with its own database of internet users.
Rapleaf admitted that some of this information was also transmitted to
other third parties, but claimed that this transmission was accidental.
Facebook has responded by saying it will implement a solution to prevent
this type of access to user data.
------------
http://blogs.sfweekly.com/thesnitch/2010/10/zynga_facebook_lawsuit.php
http://business.financialpost.com/2010/10/22/13072/
http://www.computerworld.com/s/article/9192862/Rapleaf_says_it_has_fixed_privacy_issue_with_Facebook?taxonomyId=203
Facebook to Employ Encryption to Protect User IDs
Mon, 25 Oct 2010
Facebook says it will use encryption and other data protection measures
following reports that users' data were being shared with third parties.
Facebook policy forbids application developers from sharing Facebook User
IDs (UIDs) with third parties, but the company said that "some developers
were inadvertently sharing [the data] via the HTTP Referrer header."
------------
http://www.computerworld.com/s/article/9192923/New_Firefox_add_on_hijacks_Facebook_Twitter_sessions?taxonomyId=17
Firefox Extension Makes it Easy to Steal Cookies
Mon, 25 Oct 2010
At the ToorCon 12 conference in San Diego, researchers presented a
proof-of-concept Firefox extension that is capable of stealing session
cookies from Facebook, Twitter and other accounts on unencrypted Web 2.0
sites on open wireless networks.
------------
http://www.bbc.co.uk/news/technology-11665120
Facebook Bans Developers for Selling User IDs
Mon, 1 Nov 2010
Facebook has banned a number of developers from connecting to the social
network for six months after it learned that they had been selling user
information to data brokers.
--
Karl Vogel I don't speak for the USAF or my company