Thx for the information
Apple about to become the second $largest$ corporation in the world
Uh-oh. That was quick. Just a few months ago many were noting that Apple’s market cap was closing fast on Microsoft’s. Back then the gap was still 50 billion U.S dollars. Just now the gap has shrunk to 5 billion. And Apple is still gaining fast. A recent Stanley Morgan put the target for Apple’s stock price at 310$ (currently it’s 250$). After a few days Apple is bound to go past Microsoft and take the number 2 spot just after Exxon Mobil. Wouldn’t it be cool to be a fly on Ballmer’s wall?
Update: There it is. Apple is now valued at 222,1B $, while Microsoft is at 219,2B $.
3 Comments
Ouch, here comes the first(?) Facebook “virus”
Well, it’s not actually a virus, as it still needs user interaction to post itself to your wall, but still it spreads like hell. Here’s how it works:
You wonder why all of your friends are posting links to http://www.fbhole.com/omg/allow.php?s=a&r=72306 (warning! don’t open this link just yet, or if you do, don’t click anywhere). You get to the site, get a cryptic error message (which looks like a Windows dialog, if you happen to use Windows). You try to click it and boom, you’ve just reposted the link to your wall. Huh?
Looking at the source, what happens here is quite simple, and it is an old trick if you’re familiar with how people were able to open a browse-for-file dialog with Flash 9. An iframe with 0.001 opacity is opened on the site (pointing to http://www.fbhole.com/omg/tab.htm), which in turn contains an iframe pointing to Facebook’s connect/prompt_feed.php, which is used by a gazillion sites to let users post a message to their wall. This iframe is then repositioned whenever your mouse moves, so that the Publish button of that dialog is always positioned under your mouse pointer. When you click anywhere on the page, you actually click the Publish button, which posts the pre-filled text containing a link back to the site to your profile.
No worries though, your personal information is (as of the time of writing) not compromised by this hack, but it will most certainly have implications for Facebook’s sharing functionality.
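Added example, not part of the original post: the trick only works because the publish dialog lets itself be rendered inside another site's iframe, and the control for that is the dialog's own response headers. The code below evaluates X-Frame-Options and the CSP frame-ancestors directive for a given embedding origin; the hostnames and function names are assumptions made for illustration.

```javascript
// Added example: can `embedder` frame a response carrying these headers?
// Hostnames are constructed samples. Simplifications: one CSP policy, direct
// embedder only, no path matching, schemeless host sources match any scheme.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function matchesSource(source, embedder, self) {
  const e = new URL(embedder);
  if (source === "*") return true;
  if (source === "'self'") return e.origin === new URL(self).origin;
  // Scheme source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return e.protocol === source.toLowerCase();
  // Host source: [scheme://][*.]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false; // unparseable sources match nothing
  const [, scheme, wildcard, host, port] = m;
  if (scheme && e.protocol !== scheme.toLowerCase() + ":") return false;
  const def = DEFAULT_PORT[e.protocol] || "";
  if (port !== "*" && (port || def) !== (e.port || def)) return false;
  const h = host.toLowerCase(); // "'none'" lands here and equals no hostname
  return wildcard ? e.hostname.endsWith("." + h) : e.hostname === h;
}

function canBeFramedBy(headers, embedder, self) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  for (const directive of (h["content-security-policy"] || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    // A frame-ancestors directive takes precedence over X-Frame-Options.
    if (name.toLowerCase() === "frame-ancestors")
      return sources.some((s) => matchesSource(s, embedder, self));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return new URL(embedder).origin === new URL(self).origin;
  return true; // no anti-framing header: any page may wrap it in an invisible iframe
}

const DIALOG = "https://social.example"; // constructed: site serving the publish dialog
const LURE = "http://lure.example";      // constructed: page overlaying the dialog
const POLICY = { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example" };
console.log("no headers:", canBeFramedBy({}, LURE, DIALOG));
console.log("allow-list, lure:", canBeFramedBy(POLICY, LURE, DIALOG));
console.log("allow-list, partner:", canBeFramedBy(POLICY, "https://app.partner.example", DIALOG));
```

A dialog that has to stay embeddable by partner sites uses a frame-ancestors allow-list as in POLICY; one that never needs framing sends frame-ancestors 'none' or X-Frame-Options: DENY.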
Update: For those of you who appreciate the “Objects may appear closer than they actually are”-warnings in the rear view mirror of U.S cars, the hack currently does not steal anything, but that’s not to say following the link will be safe in the *future*. It can be changed to something malicious after a million or so users have forwarded it. So be careful, or use a Mac
Update 2: The worm was taken offline. It seems that Mikko Hyppönen, Finland’s #1 celebrity in antivirus affairs, was able to track down the Czech dude who put this out on the interwebs and give him a call:
Domain fbhole.com shared an IP address with ironbrain.net [82.208.32.99]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.
So I called the number.
The call went roughly like this:
– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I’m looking for a person related to ironbrain.net.
– ???
– We’re investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I’m from an antivirus company. Are you related to ironbrain.net?
– I’ll have to check… maybe my company is…
– Please do.
– Bye…
[Click]
About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.
9 Comments
-
-
The link target web site can be changed at any time by the original author.
For example, when the link has been farmed to a million FB users, the author can insert a real exploit to the page.
It’s nice to spread consciousness about these holes, but it is a bit misleading to say: “No worries though, your personal information is not compromised by this hack”.
-
@Tero, sure, there’s a risk that it is changed to a malicious site later. A few friends just were terrified if the hack had exposed them in a way, that’s what the last paragraph was about. But you’re right, I updated the article to reflect this.
-
-
Perhaps inserting the word “currently” or “yet” might be more responsible
-
I agree, I updated the post. Note however, that reading this post on your netbook might put you at risk of getting electrocuted if you’re taking a shower at the same time
-
-
using a mac won’t help you at all, if the browser is exploitable
-
Sure it’s very much exploitable, but no one to this day has invested their time in writing an exploit for a 5% marketshare population. So we are “safe” for the time being
-
-
*yawn* yet another clickjacking CSRF vulnerability. When will people learn?
-
I was infected by a facebook virus
got rid of it!








You are kidding right!!!
Nope…
today Apple is at $282B and still going strong! Microsoft sits at 218B. It took 20 years to see this happen but it was worth waiting for