[115036] in cryptography@c2.net mail archive
Please steal my personal data [OK]
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Wed Feb 13 12:34:18 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com
Date: Mon, 11 Feb 2008 19:17:43 +1300
Jan Miksovsky (UI designer) has an interesting post on his blog about the
phishing-friendly nature of Facebook apps. Consider the following scenario:
You get a message from someone you know (well, someone on your Facebook
friends list, which means a complete stranger you've never met before but
who you added because whoever dies with the most entries on their list wins)
saying "Hey, click on/run this!". "This" is an unknown app that (by
default) has access to your information and embeds itself in your Facebook
experience.
Sound like a phishing attack? Nope, it's SOP for Facebook:
http://miksovsky.blogs.com/flowstate/2008/01/facebook-applic.html
Facebook (and who knows how many other sites): Hard at work training up the
next generation of phishing victims.
Peter.