Please steal my personal data [OK]
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Feb 11 01:17:43 EST 2008
Jan Miksovsky (UI designer) has an interesting post on his blog about the
phishing-friendly nature of Facebook apps. Consider the following scenario:
You get a message from someone you know (well, someone on your Facebook
friends list, which means a complete stranger you've never met before but
who you added because whoever dies with the most entries on their list wins)
saying "Hey, click on/run this!". "This" is an unknown app that (by
default) has access to your information and embeds itself in your Facebook
experience.
Sound like a phishing attack? Nope, it's SOP for Facebook:
http://miksovsky.blogs.com/flowstate/2008/01/facebook-applic.html
Facebook (and who knows how may other sites): Hard at work training up the
next generation of phishing victims.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list