Singapore Expats Forum

Facebook breach

Discuss about any latest news or current affairs in Singapore or globally. Please DO NOT copy and paste news articles from other sources without written permission.
User avatar
the lynx
Governor
Governor
Posts: 5239
Joined: Thu, 09 Dec 2010
Location: Midgar

Postby the lynx » Tue, 20 Aug 2013 9:07 am

zzm9980 wrote:
PNGMK wrote: Anyone who does't think he's only a puppet for the powers that be is fooling themself.


Oh how I would have loved to have won the lotto and been picked by the real zionist/free mason/illuminati overlords to be the useful idiot puppet to run Facebook (NSA data mining project) and live the life of a young billionaire. Wouldn't have married the frumpy girl he did though. Unless she's secretly a PRC Princessling.


Speaking of PRC princelings...

http://www.theguardian.com/business/2013/aug/18/jp-morgan-china-bribery-investigation

PNGMK
Director
Director
Posts: 4852
Joined: Thu, 21 Mar 2013

Postby PNGMK » Tue, 20 Aug 2013 9:46 am

zzm9980 wrote:
PNGMK wrote: Anyone who does't think he's only a puppet for the powers that be is fooling themself.


Oh how I would have loved to have won the lotto and been picked by the real zionist/free mason/illuminati overlords to be the useful idiot puppet to run Facebook (NSA data mining project) and live the life of a young billionaire. Wouldn't have married the frumpy girl he did though. Unless she's secretly a PRC Princessling.


I'm pretty certain there is some reason for her to be married to him... she might be his minder. He and his bitch are the sort of 'open mouthed breathers' of the Y generation that I can't stand.

User avatar
the lynx
Governor
Governor
Posts: 5239
Joined: Thu, 09 Dec 2010
Location: Midgar

Postby the lynx » Thu, 22 Aug 2013 2:47 pm

I just realised something. Some posters posted to threads using the Facebook plugin and that reveals their Facebook names. I wonder if they ever realise this. Kindda defeats the purpose when their handles are not shown in that mode.

I mean, granted if they are conscious about it but I cannot imagine myself (or anyone in general) using that Facebook plugin to reply at risk of exposing my Facebook profile.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 22 Aug 2013 3:44 pm

the lynx wrote:I just realised something. Some posters posted to threads using the Facebook plugin and that reveals their Facebook names. I wonder if they ever realise this. Kindda defeats the purpose when their handles are not shown in that mode.

I mean, granted if they are conscious about it but I cannot imagine myself (or anyone in general) using that Facebook plugin to reply at risk of exposing my Facebook profile.


I didn't realize the forum even had that as an option. I've been using 'Disconnect' for Chrome (and other extensions before that one came out) to completely block Facebook, Twitter, and all of that shit on any domain that isn't their own. It's already known (and I've proven :p) Facebook is building shadow profiles on people who don't even have accounts. All of that shit still sets cookies and they track your browsing habits and build profiles of your likes and such whether you're a user or not.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 22 Aug 2013 3:45 pm

Apparently they have options for Firefox, Safari, and opera also:
https://www.disconnect.me/

User avatar
Mi Amigo
Manager
Manager
Posts: 1767
Joined: Sat, 19 Jun 2004
Location: Kinto Pino

Postby Mi Amigo » Thu, 22 Aug 2013 3:56 pm

I use various Firefox plug-ins including Disconnect, Self-Destructing Cookies, BetterPrivacy, Certificate Patrol and NoScript. Probably some overlap/overkill there, but they all seem to place nicely together.
Be careful what you wish for

User avatar
nakatago
Moderator
Moderator
Posts: 8333
Joined: Tue, 01 Sep 2009
Location: Sister Margaret’s School for Wayward Children
Contact:

Postby nakatago » Thu, 22 Aug 2013 4:15 pm

zzm9980 wrote:
I didn't realize the forum even had that as an option. I've been using 'Disconnect' for Chrome (and other extensions before that one came out) to completely block Facebook, Twitter, and all of that shit on any domain that isn't their own. It's already known (and I've proven :p) Facebook is building shadow profiles on people who don't even have accounts. All of that shit still sets cookies and they track your browsing habits and build profiles of your likes and such whether you're a user or not.


Ditto for disconnect.me

User avatar
the lynx
Governor
Governor
Posts: 5239
Joined: Thu, 09 Dec 2010
Location: Midgar

Postby the lynx » Thu, 22 Aug 2013 4:27 pm

I also use Disconnect in my regular laptops. Right now I'm in a course (with laptops provided) and I'm viewing this from my course laptop, hence the discovery.

Take a look if you want, especially at popular threads under Events, Gathering and Meeting Friends. The number of people who openly used Facebook plugin to respond is scary!
Last edited by the lynx on Thu, 22 Aug 2013 5:33 pm, edited 1 time in total.

PNGMK
Director
Director
Posts: 4852
Joined: Thu, 21 Mar 2013

Postby PNGMK » Thu, 22 Aug 2013 5:05 pm

zzm9980 wrote:
the lynx wrote:I just realised something. Some posters posted to threads using the Facebook plugin and that reveals their Facebook names. I wonder if they ever realise this. Kindda defeats the purpose when their handles are not shown in that mode.

I mean, granted if they are conscious about it but I cannot imagine myself (or anyone in general) using that Facebook plugin to reply at risk of exposing my Facebook profile.


I didn't realize the forum even had that as an option. I've been using 'Disconnect' for Chrome (and other extensions before that one came out) to completely block Facebook, Twitter, and all of that shit on any domain that isn't their own. It's already known (and I've proven :p) Facebook is building shadow profiles on people who don't even have accounts. All of that shit still sets cookies and they track your browsing habits and build profiles of your likes and such whether you're a user or not.


Thanks for that.

User avatar
sundaymorningstaple
Moderator
Moderator
Posts: 34266
Joined: Thu, 11 Nov 2004
Location: Still Fishing!
Contact:

Postby sundaymorningstaple » Thu, 22 Aug 2013 5:32 pm

^^This!

User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Mon, 21 Oct 2013 7:41 pm

I've installed this
http://webgraph.com/resources/facebookblocker/

It seemed like a tiny download. Let's see if it works.

It is available for Firefox, Chrome, Safari, Opera.


p.s. Thank you for the advice to date, appreciate it :)

User avatar
JR8
Immortal
Immortal
Posts: 16514
Joined: Wed, 24 Mar 2010
Location: K. Puki Manis

Postby JR8 » Mon, 21 Oct 2013 7:57 pm

That appears to have killed it right off.

Thx! :cool:

User avatar
the lynx
Governor
Governor
Posts: 5239
Joined: Thu, 09 Dec 2010
Location: Midgar

Postby the lynx » Thu, 23 Jan 2014 4:36 pm

zzm, not sure you have heard of this news already.

"XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook's servers"

http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution

And that Facebook bug is worth USD 33,500.

User avatar
sundaymorningstaple
Moderator
Moderator
Posts: 34266
Joined: Thu, 11 Nov 2004
Location: Still Fishing!
Contact:

Postby sundaymorningstaple » Thu, 23 Jan 2014 5:07 pm

I'd have to agree with a lot of the responses on the linked FB page as it would have had to be worth at least a couple of hundred Gs considering it was an RCE bug.

User avatar
zzm9980
Governor
Governor
Posts: 6837
Joined: Wed, 06 Jul 2011
Location: Once more unto the breach

Postby zzm9980 » Thu, 23 Jan 2014 9:59 pm

sundaymorningstaple wrote:I'd have to agree with a lot of the responses on the linked FB page as it would have had to be worth at least a couple of hundred Gs considering it was an RCE bug.


Symbolically, $50k would have been OK. Maybe more. But here's the catch, and probably from their perspective: What I found (and got $12k USD for) would have caused Facebook significant more damage and gotten them into more legal trouble if I had instead reported it to various authorities. They'd be in and out of court for years, as the data could prove they mixed and intermingled personal data in ways which was illegal. This, while much more severe in a damage causing way, would not get them in trouble. They're the victims, they'd patch it and fix it and move on. No one would care on Wall Street, jut a bunch of techies on the internet who mostly sneer at Facebook already anyway.

That said, I haven't had a chance to full digest this story yet.


  • Similar Topics
    Replies
    Views
    Last post

Return to “Latest News & Current Affairs”

Who is online

Users browsing this forum: No registered users and 0 guests