funsec mailing list archives
Re: Facebook test site
From: Paul Bennett <paul.w.bennett () gmail com>
Date: Sat, 19 Jun 2010 14:07:07 -0400
On Sat, Jun 19, 2010 at 1:14 PM, RandallM <randallm () fidmail com> wrote:
> Anyone have one up for testing URLs posted? Found a strange so-called video link of "teacher almost kills kid"... click on the thing and it wants to "have access to post status" messages besides "all", etc. Just curious.

There's a billion (roughly) of these things claiming "This is really cool. Just bend over and try to relax" on FB. I treat all of them as phishing attempts, and just ignore them. As far as I can tell, everything bad these things are capable of doing happens on FB's servers, not out in the wild, so I really have very little clue how one would go about dissecting one.

The solution seems to be for FB to give users more granular control over apps, and to limit the maximum privs any given app can ask for to something less than "allow all from all". Of course (and I'm saying this as an enthusiastic FBer), that's the opposite of FB's business model...

--
Pb

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.