funsec mailing list archives

Re: Facebook test site


From: Paul Bennett <paul.w.bennett () gmail com>
Date: Sat, 19 Jun 2010 14:07:07 -0400

On Sat, Jun 19, 2010 at 1:14 PM, RandallM <randallm () fidmail com> wrote:
> anyone have one up for testing URLs posted?
>
> found a strange so-called video link of "teacher almost kills
> kid"...click on the thing and it wants to "have access to post status"
> messages besides "all", etc.
>
> just curious.

There's a billion (roughly) of these things claiming "This is really
cool. Just bend over and try to relax" on FB. I treat all of them as
phishing attempts, and just ignore them.

As far as I can tell, everything bad these things are capable of doing
happens on FB's servers, not out in the wild, so I really have very
little clue how one would go about dissecting one.

The solution seems to be for FB to give users more granular control
over apps, and to limit the maximum privs any given app can ask for to
something less than "allow all from all". Of course (and I'm saying
this as an enthusiastic FBer), that's the opposite of FB's business
model...




--
Pb
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

