http://www.wired.com/threatlevel/2012/03/facebook-ownership-forensics/

Faking forensic data seems simple from the outside but when you really get to the nitty gritty it is not the simplest problem to solve.
This case revolves around a contract that gives him half owner ship of Facebook.

The details are in the story. The main point here is that files just don’t appear on a system. Also if you want to clean your drive reinstalling windows just does not cut it.

Right now the main ones that I have seen are working to either gather information (or just a prof of concept) and try to use a browser vulnerability on the redirected page to infect the host.

Another from the Sophos blog tries to get you on a monthly cell plan.

http://nakedsecurity.sophos.com/2010/11/09/jetblue-tickets-scam-spreads-via-facebook-jezebel/

What else could you do?

What about harvesting facebook passwords?  What good is that, well I can’t say the number but I bet there is more people than not that use the same password for everything!  You could also use this in research with passwords and combine information such as what people do, age, work history, and geographical location to build a model for what kind of password they would use. Why not?

I could also see targeted spear fishing attacks with click jacking.

Sounds like something fun!

http://codebutler.github.com/firesheep/

Firesheep is a FireFox plugin to hijack FB session, it looks really good.

There is a slide show here

http://codebutler.github.com/firesheep/tc12/

With a short demo.

Here is a shot of the capture running.

http://codebutler.github.com/firesheep/tc12/#40

This will work with twitter, facebook, and google.

Anything that does not keep an SSL connection is in trouble.  So far it will support Windows and OSX but you need the PCAP libs installed for it to work.

Remember on Windows thats LibPCAP.

Enjoy!

Is that really something that users need?

Not really.

Now think of those scam / click jacking links on facebook, the average facebook user has 130 friends.  I just saw one of those click jacking links on my feed with 26,000 people liking it.

Think of the math, and this is only one!

26,000 x 130 = 3,380,000 profiles they now have access to!

Talk about gravy train of personal information, of course the best thing is not to put that type of stuff on to facebook.

http://www.networkworld.com/news/2010/091910-interpol-chief-has-facebook-identity.html

That is too funny, it sounds like who ever did it was able to get access to information that they should not have. Again just like I mentioned before it was someone who was not on facebook that was used as the target.

The other thing I saw was a special on 20/20 on the movie Catfish,I don’t want to spoil the movie but they take it to another level. The 20/20 bit is worth watching alone if you don’t want to go see a movie.

http://isc.sans.edu/diary.html?storyid=9556

Not exactly the same as what I previously posted, but it’s something else to read.

Sure can make facebook live up to it’s number two threat vector on the internet.

I did find a little more that is related to my last post, here is an article from sophos.  It’s not exactly the same but it uses a similar tactic to get users to click on the supplied link.

http://www.sophos.com/blogs/gc/g/2010/04/06/cheryl-cole-pictures-bait-facebook/

The choice of the age group of the targets this time is pretty clear, it should be pretty easy to get access to a lot of profiles.

http://mashable.com/2010/10/01/warning-facebook-like-worm-spreading-through-javascript-exploit/

The story says that it does not appear to do anything bad at this point, if that is the case you would think something would be following soon with payload before it gets patched.

http://inj3ct0r.com/exploits/11638

In the next few days I will pull a few quotes out of it and try to expand a little more on whats going on.

Enjoy!