While the so-called Fawkes Virus remains a nebulous idea, as I mentioned here yesterday, there's now much more information about the wave of offensive Facebook content that some have attributed to Anonymous and/or the Fawkes thing. Here are some of the better information sources we have identified .
- Richi Jennings aggregated a number of comments for Computer World.
- Facebook was widely quoted as attributing the attacks to a browser vulnerability that facilitates cross-site scripting:
- Mashable also quoted Facebook at length.
- Aryeh Goretsky included lots of advice and links on this blog.
- Dan Goodin, in another article for the Register, indicated that Facebook have made progress on identifying the people responsible for the attacks.
I'm glad Facebook is making progress, but I wish they were a little more forthcoming. The company seems to be limiting its communications to carefully worded statements to the press: I have yet to see any direct advice to its users on the "Facebook Known Issues" page or the "Facebook Security" page.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, We Live Security