MetaChat REGISTER   ||   LOGIN   ||   IMAGES ARE OFF   ||   RECENT COMMENTS




artphoto by splunge
artphoto by TheophileEscargot
artphoto by Kronos_to_Earth
artphoto by ethylene

Home

About

Search

Archives

Mecha Wiki

Metachat Eye

Emcee

IRC Channels

IRC FAQ


 RSS


Comment Feed:

RSS

13 February 2009

Facebook Virus/Spamming app If you get a notification that you have been tagged in a PICTURE (instead of a photo), do not click the link![More:] If you DID click, go to applications and remove the picture app. It auto-adds itself to your applications.

Very VERY crafty.

I've spent the past ten minutes notifying everyone who "tagged" me. Hopefully someone from tech will wake up and remove the malicious app.
I'm hoping this thing didn't do anything harmful and is instead a copycat of the "don't click this" Twitter link fiasco.
posted by CitrusFreak12 13 February | 01:31
What insane security model allows this? Srsly.
posted by stilicho 13 February | 01:43
stilicho, automatic authorization is undertaken when a user clicks on a link sent by an application. it allows app devs to get the users' id etc. so the application can be useful instead of forcing them to add it. An application authorized this way can indeed send notifications. I think it's more a case of behavior run amok because someone's exploiting a loophole then necessarily something that needs to be blocked, because that would cause a lot of well behaving apps to get caught up in the collateral damage. Maybe notifications should be limited to other users of the application though. Facebook makes a distinction between authorized and added applications--if it does indeed ADD itself to your profile then yes it's just a bug.
posted by Firas 13 February | 04:01
That's annoying. If it's exploiting FB Dev security, be sure to report it.
posted by loiseau 13 February | 08:38
Shepard Fairey may go to court over Obama Hope pic. || unfuckingbelievable guitar playing by a 17-year-old french kid [youtube]

HOME  ||   REGISTER  ||   LOGIN