Please steal my personal data [OK]

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Feb 11 01:17:43 EST 2008


Jan Miksovsky (UI designer) has an interesting post on his blog about the
phishing-friendly nature of Facebook apps. Consider the following scenario:

  You get a message from someone you know (well, someone on your Facebook
  friends list, which means a complete stranger you've never met before but
  who you added because whoever dies with the most entries on their list wins)
  saying "Hey, click on/run this!".  "This" is an unknown app that (by
  default) has access to your information and embeds itself in your Facebook
  experience.

Sound like a phishing attack?  Nope, it's SOP for Facebook:

http://miksovsky.blogs.com/flowstate/2008/01/facebook-applic.html

Facebook (and who knows how many other sites): Hard at work training up the
next generation of phishing victims.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com