While the so-called Fawkes Virus remains a nebulous idea, as I mentioned here yesterday, there's now much more information about the wave of offensive Facebook content that some have attributed to Anonymous and/or the Fawkes thing. Here are some of the better information sources we have identified .
- Richi Jennings aggregated a number of comments for Computer World.
- Facebook was widely quoted as attributing the attacks to a browser vulnerability that facilitates cross-site scripting:
- Mashable also quoted Facebook at length.
- Aryeh Goretsky included lots of advice and links on this blog.
- Dan Goodin, in another article for the Register, indicated that Facebook have made progress on identifying the people responsible for the attacks.
I'm glad Facebook is making progress, but I wish they were a little more forthcoming. The company seems to be limiting its communications to carefully worded statements to the press: I have yet to see any direct advice to its users on the "Facebook Known Issues" page or the "Facebook Security" page.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow