If You Can't Trust Your Friends (List)

I'm reminded of the idea that you could live in Fort Knox, but if you keep leaving the front door open, all the security in the world won't do dick for you.

Facebook has had a very bad week. Four different apps have popped up, trying to phish people's usernames and passwords (not that it's necessary in many cases, as Sarah Palin found out during the election and Paris Hilton found out long ago). And now, there's a new variant of the Koobface worm running around. A link to a fake YouTube video sends computers to a remote site where fake codec trojans are installed, and those autoinstall the worm (oh, THAT'S a new trick). It then scours social networking cookies and makes a DNS query to check IP addresses that correspond to remote domains. Those servers then send and receive information about the machine and the machine is RPC'ed. With the information stored in the cookies, the worm searches for the friends list. Once found, it sends an HTTP POST request, sending a message to the friend with the bogus link to infect their machine. Obviously, the purpose is to create a botnet. An earlier version of this has already bounced through MySpace.

Those of you that know me know what I'm going to say next -- this wouldn't happen if they ran Linux.

It's actually interesting, because it is sidestepping e-mail security.  Suspicious e-mails or strange links?  People have learned to think twice before opening them or clicking them.  But on a social networking site?  There's a little less caution.  The self-defense advice is the standard keep your AV up to date, don't click on strange links, don't install codecs from questionable sources, blah blah blah.  Happy networking, kids!


Mar. 7th, 2009 04:45 am (UTC)
I've told people until I'm blue in the face, yet some people STILL insist on using Winblows. When they do try Linux many say, "It's so hard, I have to think for a nano-second before I click on something. It's been a whole half-hour and I haven't mastered it yet, I think I'll just stick to kissing Bill Gates's butt." Wusses.
Mar. 7th, 2009 12:26 pm (UTC)
Oh my God, I TOTALLY love your icon!

There's a learning curve with everything, it's just that Windows is so pervasive, the learning was subtle and gradual. Not only that, but remember -- we aren't intimidated by technology, we embrace it and the challenges it presents. Lots of people just want the computer to work with no effort on their part. That's no excuse, since there are plenty of very user friendly Linux builds, just saying that's the underlying psychology.
Mar. 7th, 2009 08:04 pm (UTC)
Before now I had no reason to have a Linux-based icon as everyone else on my f-list runs M$. But now I do, so I put one together really quick. I knew it needed a penguin (that is a Gentoo penguin to be precise) and I wanted to suggest Fedora. So those are the elements I put together. Then I saw how it had its wings out like it wanted a hug, and the text fell into place.

You may steal it if you like it.
