Mimesis and Violence

FB Spam?
June 30, 2009, 9:10 am
Filed under: Internet, Security, Technology, Uncategorized

I’m getting a lot of these lately. What I don’t understand is why these phishing messages are so unsophisticated. If these spammers are already attacking my social network, why don’t they send me more relevant spam with more relevant/convincing landing pages? Click through to see the actual messages.


Prophecy: Social Worms
January 12, 2008, 9:27 pm
Filed under: Facebook, Internet, Rants, Security, Technology

Ed Felten’s predictions for ’08 bring up the possibility of a privacy scandal around a Facebook app.

For my part, I have my own Facebook privacy scandal prediction:

Prediction: A social network (Facebook) will become the site of automated distributed social engineering. A hacker will exploit the fact that many individuals’ friend lists are visible in order to write a worm that constructs a plausible identity and tricks an individual into accepting a friend request from the false identity. Many vanity users will accept such requests and through them the worm will gain access to many of their friends (with the trust gained by the ‘you have X friends in common with so-and-so’ notice). Because of the distributed nature of the attack – because each false identity is created to target a small cluster of people – it will take a while to notice the scale of the problem. In that time much private data will be exposed.

It’s a pretty detailed prediction, but I’m fairly confident about it. Why? Because I’m pretty sure it has started to happen already.

Recently my former roommate Jon got a friend request from a ‘dean extein’ [sic]. Dean had a slightly suspect profile: his hometown was ‘stanford.Google’, his profile picture was taken from a distance, there were no additional photos of him, he had very few friends, and the capitalization on his personal information was all screwy. But Jon is friends with a Brian and Josh Extein and so he assumed it was a relative that he’d met at some point and had forgotten. So Jon accepted the friend request.

In the next few days many of Jon’s friends got friend requests from ‘dean’, myself included. I ignored the request, but about 20 people accepted it: perhaps because they also know the Exteins or because having a friend or two in common with ‘dean’ made him seem like a safe notch in their Face-belt. Either way, ‘dean’ accrued about 30 friends in a little more than a week and then his profile disappeared. Moreover, as a Google employee I can tell you that no one by the name of ‘Dean Extein’ is employed at Google.


What’d I Tell You?
December 19, 2007, 10:33 pm
Filed under: Internet, Privacy, Security, Technology

NYTimes has a piece about academics using Facebook as a source of sociological data. Turns out that one group of researchers is tracking 1700 students without their permission.

See also: Ed Felten’s Lessons from Facebook Beacon, and my Just one lesson from the Facebook Beacon debacle.