[now fixed] Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]

ZDNet.com reports:

The Register’s Dan Goodin has the scoop on an obvious security vulnerability that’s being ignored by the powers at Facebook.

The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user’s session identification cookies, deliver pop-up messages or change the color of Facebook pages.

The ugly truth: Satan, social networks and security

This is mostly a geek-read, so let me sum it up for you.  The more apps you add to Facebook and MySpace, the less safe you are.  Don’t add people you don’t know well (ouch, log in my own eye) and use unique passwords for each account. This or this may help.

“A quick (and very much incomplete) hall of shame here includes MySpace, LiveJournal, and Hi5, all of which we’re surprised haven’t sunk into the East Bay under the weight of their own pwnability.”

More here >> The ugly truth: Satan, social networks and security.

Trojan Horse SHeur.bzpu is a backdoor trojan

We thought it might be an AVG false positive, but thanks to a helpful comment from Martyn (here)  we now know that’s not the case.

SHeur.bzpu is a backdoor trojan

http://www.microsoft.com/security/portal/SearchResults.aspx?query=SHeur.bzpu

Backdoor:Win32/Nuwar.gen!D

Aliases: SHeur.BCFX (AVG)

Description: Backdoor:Win32/Nuwar.gen!D is a generic detection for a backdoor trojan that allows unauthorized access to an infected computer. The trojan receives commands indirectly from a remote attacker via its connection to a malicious peer-to-peer network. This trojan also contains advanced stealth…

Published Date: 06/16/2008

Severity Rating: Medium

Optimus Media News » FBI Warns of Storm Worm Virus

The Federal Bureau of Investigation and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware. These e-mails, which contain the phrase “F.B.I. vs. facebook,” direct e-mail recipients to click on a link to view an article about the FBI and Facebook, a popular social networking website. The Storm Worm virus has also been spread in the past in e-mails advertising a holiday e-card link. Clicking on the link downloads malware onto the Internet-connected device, causing it to become infected with the virus and part of the Storm Worm botnet.

“The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity. We urge citizens to help prevent the spread of botnets by becoming web-savvy. Following some simple computer security practices will reduce the risk that their computers will be compromised,” said Special Agent Richard Kolko, Chief, FBI National Press Office.

Everyone should consider the following:

* Do not respond to unsolicited (spam) e-mail.

* Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail.

* Do not click on links contained within an unsolicited e-mail.

* Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.

* Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.

* Do not provide personal or financial information to anyone who solicits information.

More here: Optimus Media News » FBI Warns of Storm Worm Virus.