Facebook’s response to iPhone scam hack just raises more questions

Facebook’s security team has posted a message on the walls of users who were hit by cybercriminals promoting a free iPhone scam earlier this week.
Although the notice from Facebook reassures customers that their account security was not compromised, the wording of Facebook’s note does raise a few question marks about how the scammers managed to post photos onto users’ walls without their permission.
Thousands of Facebook users are believed to have been struck in an attack which attempted to lure victims into visiting webpages with the promise of free iPads and iPhones if they completed a survey.
Even one of Mark Zuckerberg’s friends had hackers post images to her profile promoting the revenue-generating links, causing the Facebook CEO to ask her if her account had been hacked.
At the time it was assumed that the affected Facebook accounts had been broken into, perhaps as the result of a phishing campaign, but the statement from Facebook’s security team appears to rule this out:

A Note from the Facebook Security Team
For a few hours on Sunday, there was a spamming incident on Facebook. During this time, photos (mostly of supposedly "free" iPhones) were posted to some people's Walls, including yours. We've removed the photo from your Wall and fixed the issue that allowed spammers to do this. We're sorry about the photo, but can assure you that this did not affect the security of your account in any way.
So, if the attack “did not affect the security” of the Facebook accounts, just how were unauthorised photos and links uploaded to users’ walls? Facebook appears to be saying this wasn’t the result of hackers stealing passwords, so it can’t be that the scammers logged in as these users.
Facebook also says that they’ve now “fixed the issue that allowed spammers to do this”. What was that issue? Was there a vulnerability in Facebook which allowed strangers to post content to other Facebook users’ walls?
If so, that would be a serious security issue – and I hope it’s now been properly plugged.
If you’re on Facebook, and want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.
Guest blog: Information Rights Management ready for prime time?
In this guest blog, product manager John Stringer explores how Sophos’s Data Loss Protection (DLP) technology can help companies tackling Information Rights Management. Over to you, John...

In “Up in the Air” George Clooney’s character loved to travel – for the reward points and the free miles kickback. Now, in business, it’s not just the axe man that likes to travel; documents fly all over the place too. But for a business the kickback can be less welcome.
Protecting sensitive information beyond the network perimeter is critical and Information Rights Management (IRM) is a mature technology that provides an answer.
So where does DLP come into the mix? Well, DLP can be used to identify IRM-protected documents, audit their transfer and – where appropriate – apply IRM classification based on document content. This complements traditional methods for applying IRM such as manual classification by employees.
At Sophos we’re really excited about working with a number of IRM vendors, such as Oracle, to achieve exactly this.
Today the Sophos DLP “engine” can identify files protected by both Oracle and Microsoft IRM. As the video below demonstrates, this is actually pretty useful if you use or plan to use IRM.
A policy can easily be put in place to simply monitor the transfer of IRM-protected files (auditing when and how they are leaving your organisation) or even to limit document transfer onto removable storage, i.e. only allow files protected by IRM.
IRM provides the document protection and Sophos DLP an enforcement control. Expect to see more on this in the future.
Learn more about Sophos’s integrated DLP solution and Oracle’s IRM.
I Don’t Care button spam on Facebook
It’s possible that some of you are finding the seemingly endless wave of spammed-out scams on Facebook rather predictable. Clearly they must be working for the bad guys, though. Otherwise, why would they be putting effort into creating new variants of the scams to outsmart Facebook users into passing them on?
Here’s one of the latest – which claims to be something that many Facebook users would want – an “I Don’t Care Button”.

Finally!..The I Dont Care Button Is Here! Get It Now For Free...
The I Don't Care Button Is Here
Get It Now And Show That You Don't Care!
96% Wanted This and Now Its Here!.
If you were eager to show your general meh-ness about someone’s post on Facebook you might be keen for an “I Don’t Care” button, but clicking on the link takes you to a familiar-looking webpage which encourages you to “like” it and share the link with your friends, before you will be given anything else.
A clear reason to be suspicious.

And if you’re a regular reader of this blog there should have been warning bells ringing in your head – after all, it was just last month that we warned about the “Dislike button” scam we saw spreading virally across Facebook.
DownloadSquad wrote back in April about a genuine “I Don’t Care” button available in the form of an extension for the Google Chrome browser, but there’s no official “Dislike” or “I Don’t Care” option within Facebook.
Don’t make life easy for the scammers, and refuse to help them take advantage of your Facebook account. Always question what you are “liking” and “sharing” with your online friends.
TrustPort Antivirus 2010 5.1.0.4224 (Windows)
TrustPort Antivirus 2010 is a compact antivirus and antispam solution. It protects your desktop or laptop at all entry points from malware, spam, phishing and other threats. It scans the files you open, websites you navigate, emails you receive, and removable media you connect. The antivirus scanning is performed by…
TrustPort PC Security 2010 5.1.0.4224 (Windows)
TrustPort PC Security 2010 is a comprehensive security solution for your computer. It protects your computer against various types of malware, it relieves your mailbox from loads of spam, and it prevents you from getting tricked by phishing schemes. Its firewall component controls all connections between your computer and the…
