Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-15 Thread ashok _
On Wed, Apr 15, 2009 at 8:01 AM, Kiran Jonnalagadda j...@pobox.com wrote:

 Well - if it's the same IP? Open access point say. Or a compromise of her
 pc / laptop?



Facebook doesn't seem to use SSL for a lot of stuff; maybe it's
someone at her work place ... or someone she knows.

ashok



Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-15 Thread Udhay Shankar N
ashok _ wrote, [on 4/15/2009 1:19 PM]:

 Facebook doesn't seem to use SSL for a lot of stuff; maybe it's
 someone at her work place ... or someone she knows.

I use the following Greasemonkey [1] script [2] to force secure
connections on facebook, banking sites, gmail, &c.

However, none of these will protect against someone who has access to
your computer - either via a trojan, or physical access (maybe a
co-worker who walks up to your cube while your PC has carelessly been
left unlocked).

Udhay

[1] https://addons.mozilla.org/en-US/firefox/addon/748
[2] http://userscripts.org/scripts/show/29090
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))



[silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Kiran Jonnalagadda

Does anyone here know how to get the attention of Facebook's management?

Do you recall the Pink Chaddi Campaign coordinated via Facebook? It  
doesn't exist anymore.


Or, it does, but Facebook doesn't want you to access it. Here's a link  
to the group. Try accessing it, you'll get redirected to the home page:


http://www.facebook.com/group.php?gid=49641698651

Just a week ago, Mark Zuckerberg posted to the Facebook blog,  
highlighting the campaign as a notable use of the platform:


http://blog.facebook.com/blog.php?post=72353897130

"From the protests against the Colombian FARC, a 40-year old
terrorist organization, to fighting oppressive, fringe groups in
India, people use Facebook as a platform to build connections and
organize action."


Three days later, Nisha Susan, the campaign's coordinator, found her  
Facebook account suspended. She had already spent weeks talking to  
Facebook support over the group formerly known as "The Consortium of
Pubgoing, Loose, and Forward Women", since mysteriously renamed to "A
good bong is a dead bong" along with assorted death and rape threats
turning up in its description. Today Facebook won't let you look at
the group either.


What the heck happened? It got hacked, plain and simple.

Facebook Support insists Nisha isn't keeping her account secure. I've  
looked it over for her, as have others, who've examined her computer  
thoroughly and even moved her to a Linux box. None of these measures  
stopped the continuing defacement of the group. FB Support has  
responded with requests to fill out forms describing what's going on,  
followed by silence.


There is only one inescapable conclusion to this: Facebook is insecure  
and they don't want to admit it.


There's been only one mainstream media mention of this, in the Hindu  
yesterday: http://www.hindu.com/2009/04/14/stories/2009041459890400.htm


I doubt Facebook cares about what the Hindu says. How does one get  
their attention?



--
Kiran Jonnalagadda
http://jace.seacrow.com/




Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Pranesh Prakash
On Wed, Apr 15, 2009 at 01:18, Kiran Jonnalagadda j...@pobox.com wrote:
 Does anyone here know how to get the attention of Facebook's management?

 Do you recall the Pink Chaddi Campaign coordinated via Facebook? It doesn't
 exist anymore.

 Or, it does, but Facebook doesn't want you to access it. Here's a link to
 the group. Try accessing it, you'll get redirected to the home page:

 http://www.facebook.com/group.php?gid=49641698651

 Just a week ago, Mark Zuckerberg posted to the Facebook blog, highlighting
 the campaign as a notable use of the platform:

 http://blog.facebook.com/blog.php?post=72353897130

 "From the protests against the Colombian FARC, a 40-year old terrorist
 organization, to fighting oppressive, fringe groups in India, people use
 Facebook as a platform to build connections and organize action."

 Three days later, Nisha Susan, the campaign's coordinator, found her
 Facebook account suspended. She had already spent weeks talking to Facebook
 support over the group formerly known as "The Consortium of Pubgoing, Loose,
 and Forward Women", since mysteriously renamed to "A good bong is a dead
 bong" along with assorted death and rape threats turning up in its
 description. Today Facebook won't let you look at the group either.

 What the heck happened? It got hacked, plain and simple.

 Facebook Support insists Nisha isn't keeping her account secure. I've looked
 it over for her, as have others, who've examined her computer thoroughly and
 even moved her to a Linux box. None of these measures stopped the continuing
 defacement of the group. FB Support has responded with requests to fill out
 forms describing what's going on, followed by silence.

 There is only one inescapable conclusion to this: Facebook is insecure and
 they don't want to admit it.

 There's been only one mainstream media mention of this, in the Hindu
 yesterday: http://www.hindu.com/2009/04/14/stories/2009041459890400.htm

 I doubt Facebook cares about what the Hindu says. How does one get their
 attention?

Perhaps getting the attention of BoingBoing or any other big-league
blog /  effect sites would help.  After all, the Pink Chaddi
Campaign got much link love from BB (I think it was Rishab Ghosh who
pointed it out to Cory Doctorow).



Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Suresh Ramasubramanian

Kiran Jonnalagadda [15/04/09 01:18 +0530]:

Does anyone here know how to get the attention of Facebook's management?


I have a friend there who heads facebook security. He's not a contact I use
very often, certainly not for run of the mill hacked account cases for
which FB does have a process that works when used right (passwords can be
bruteforced, or if your friend logged in from a cybercafe PC with a
keylogger trojan on it, or was on an open wifi, it can be stolen that way
too..). 


This is an exception I'd say - which is why I've escalated it to him.

srs



Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Dave Kumar
On Tue, Apr 14, 2009 at 9:55 PM, Suresh Ramasubramanian
sur...@hserus.net wrote:

 Kiran Jonnalagadda [15/04/09 01:18 +0530]:

 Does anyone here know how to get the attention of Facebook's management?


 I have a friend there who heads facebook security. He's not a contact I use
 very often, certainly not for run of the mill hacked account cases for
 which FB does have a process that works when used right (passwords can be
 bruteforced, or if your friend logged in from a cybercafe PC with a
 keylogger trojan on it, or was on an open wifi, it can be stolen that way
 too..).
 This is an exception I'd say - which is why I've escalated it to him.


Likewise, I sent Kiran's message to a law school friend who is part of FB's
management.

DK


Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Suresh Ramasubramanian

Kiran Jonnalagadda [15/04/09 09:14 +0530]:
Facebook allows an account to be logged in from only one location at a  
time. How, then, could the vandalism have been carried out even when  
Nisha was always in control of her account? This is the point where I  
suspect Facebook's security vulnerability lies.


Well - if it's the same IP? Open access point say. Or a compromise of her pc
/ laptop?



Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Kiran K Karthikeyan
 I doubt Facebook cares about what the Hindu says. How does one get their
 attention?

I call for a twitcampaign with the #facebook hashtag and a retweet request.

Most web apps today listen to what people are saying on twitter and
the response is quite fast.

Can you put up your post on a blog or should we just link to the
public archive of silklist?

Kiran



Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Priyanka Sachar
Yes, tweets pertaining to this may help. I also feel we could request
Scobleizer, techcrunch, Om Malik for some help regarding highlighting this
issue on their sites.

2009/4/15 Kiran K Karthikeyan kiran.karthike...@gmail.com

  I doubt Facebook cares about what the Hindu says. How does one get their
  attention?

 I call for a twitcampaign with the #facebook hashtag and a retweet request.

 Most web apps today listen to what people are saying on twitter and
 the response is quite fast.

 Can you put up your post on a blog or should we just link to the
 public archive of silklist?

 Kiran




Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Kiran Jonnalagadda

On 15-Apr-09, at 9:31 AM, Suresh Ramasubramanian wrote:

Well - if it's the same IP? Open access point say. Or a compromise of
her pc / laptop?


Suresh, Nisha's computer security was overseen by Karim (ex-Sarai,  
Cyber Mohalla and NLS, if you know him). Karim's a sensible sysad and  
thoroughly examined her working setup; even moved her to a different  
computer.


Nisha called me for help last Thursday. I looked around her account,  
received a warning that Facebook had just deleted an obscene image  
uploaded from her account, knocked off all her Apps, just in case one  
of them was an attack vector, received another warning of impending  
account suspension for ToS violations, changed her password for her to  
be doubly sure it was not being sniffed at her end, and agreed with  
her that we would not access her account until the next morning.


The next day, her account was suspended.

I live in Bangalore. Nisha and Karim live in Delhi. Whatever the  
attack vector was, it couldn't have been from the local computer or  
network. It had to be upstream.


Nisha's presented her side of the story here: 
http://kafila.org/2009/04/12/arise-awake-the-people-who-run-facebook/




Re: [silk] Pink Chaddi Campaign hacked on Facebook

2009-04-14 Thread Balaji Dutt
On Wed, Apr 15, 2009 at 12:49 PM, Priyanka Sachar priyan...@gmail.com wrote:

 Yes, tweets pertaining to this may help. I also feel we could request
 Scobleizer, techcrunch, Om Malik for some help regarding highlighting this
 issue on their sites.


I'm a fairly lightweight twitterer compared to some luminaries on this list,
but FWIW I've kicked it off using the hashtags #pinkchaddi and
#facebookfail. More hashtag suggestions are welcome...

--
Balaji