Facebook, offensive content, and terse responses

While the so-called Fawkes Virus remains a nebulous idea, as I mentioned here yesterday, there's now much more information about the wave of offensive Facebook content that some have attributed to Anonymous and/or the Fawkes thing. Here are some of the better information sources we have identified .

  • Richi Jennings aggregated a number of comments for Computer World.
  • Facebook was widely quoted as attributing the attacks to a browser vulnerability that facilitates cross-site scripting:
    • Softpedia
    • CNN
    • Bloomberg
    • John Leyden in the Register  quoted Facebook at some length, and pointed out that the site seemed to be attributing the attack to social engineering and user error rather than a browser flaw or a site scripting error: "During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content."
    • Mashable also quoted Facebook at length.
  • Aryeh Goretsky included lots of advice and links on this blog.
  • Dan Goodin, in another article for the Register, indicated that Facebook have made progress on identifying the people responsible for the attacks.

I'm glad Facebook is making progress, but I wish they were a little more forthcoming. The company seems to be limiting its communications to carefully worded statements to the press: I have yet to see any direct advice to its users on the "Facebook Known Issues" page or the "Facebook Security" page.

ESET Senior Research Fellow

Author David Harley, ESET

  • Alex Davies

    The attack vectors condoned by lazy users because application (flash, java etc.) and operating system updates are not done, because they take too long or 'stop things from working' is another good excuse I've heard but proven the opposite!?
    Agreed, El Reg is indeed quite correct from my experience of dreadful antivirus heuristics engines that arent able to prevent rogue and packed kernel mode drivers from manifesting themselves, TDSS, Rustock etc.
    Namely and shamely, the most popular rival vendors are seemingly at fault… The amount of computer shops I discovered that dont sell ESET products in the local areas upsets me! even though they used to, in a few cases…
    Aslong as the facebook servers havent been breached again, I'm sure they could actually get away with 'we are not responsible for our users ignorance'
    My conclusion:
    The excessive human abuse of 'ignorance' is the worst cause of such attacks…
    The following comparison comes to mind:
    "Lorem ipsum dolor ignorantia non excusat" —- "ignorance of computer security is not an excuse"
    Just as:
    "Ignorantia juris non excusat" —- "ignorance of the law does not excuse"

    • David Harley

      Slightly free translation of lorem ipsum dolor, I think, but I take your point. ;-)

Follow us

Copyright © 2017 ESET, All Rights Reserved.