Facebook users be careful!

UK|AL · 11 Jan 2009 at 05:38

You sure you didn't just get phised(sp). On myspace they just replace a link such as photos to a fake login page so you think you have to log in again. It can be quite effective when your just browsing along as your not thinking.

Applications don't have access to passwords via the applications api on facebook.

mrk · 11 Jan 2009 at 05:42

I'm quite sure although it's entirely possible though the only times I log into FB are when I'm using my PC or laptop and via the bookmark link, cannot recall ever using another link to get there!

inph · 11 Jan 2009 at 06:47

DNS hijacking/poisoning springs to mind as a possibility. I'm fairly sure facebook are not silly enough to store unencrypted/hashed passwords, so even if the applications did have access to your password info (again I'm almost totally sure they dont) the cracker at the other end would need to decipher your password.

At any rate, [email protected] had access to your facebook account through some as of yet unidentified means. I'm assuming from your facebook account solina gleamed your messenger/email details and used them to add you to their messenger.

I doubt you'll see them again as they probably created a throw away account. Change your password, check for rootkits and such. If nothing comes up and no one else adds you to their messenger and relays your "new" password, then I think you're fairly safe for now.

mrk · 11 Jan 2009 at 06:57

Aye I did consider rootkits so decided to just be triple safe and run the Kaspersky online scanner which can detect rootkits - it's going to take a long time to scan though

inph · 11 Jan 2009 at 07:08

I would suggest using several tools to check for rootkits. AV programs tend to miss a fair amount these days.

Rootkit Revealer (sysinternals) or if you're feeling a bit more adventurous IceSword (hello kernel level operations, yes the author is chinese so look for english instructions)

Energize · 11 Jan 2009 at 07:10

AHarvey said:
On a side note, I am sure I read recently about a russian group breaking WPA.

If your thinking of Elcomsoft, they didn't break it, just brought out software which brute forces it faster, which isn't breaking it.

mrk · 11 Jan 2009 at 07:37

I've attempted to try Rootkit Revealer and IceSword but have failed, they throw up error messages about failing to initialise and I notice they have not been updated since 2006 so most likely won't work with Vista64 !

mjt · 11 Jan 2009 at 08:14

why would add anybody on messenger that you don't know?
it will clearly be something dodgy. just ignore them :confused:

G-MAN2004 · 11 Jan 2009 at 08:23

mjt said:
why would add anybody on messenger that you don't know?
it will clearly be something dodgy. just ignore them

If he would have ignored it, he'd have lost his FB account.

Tefal · 11 Jan 2009 at 08:24

Have you emailed FB with the details?

ould it not just be one of your mates having you on after guessing/seeing your pw?

mrk · 11 Jan 2009 at 08:29

Yeah if I ignored it then bye bye FB account!

It's certainly not any of my mates I'm certain of that at least!

Rootkit scan still running, 158k files scanned only 26% done - nothing found so far! (complete scans already done with AVAST and BitDefender btw)

Also scanning LAN machines just incase they got to me through a compromised machine on the lan - again, nothing found yet...

Until I hear back form Facebook it will be impossible to know what happened, I now reckon it was a one off, someone found the exploit and decided to chance it but didn't bet on me changing the password and locking down my account so quick!

Youstolemyname · 11 Jan 2009 at 09:00

Is there any sort of 'secret question/ answer' type thing on facebook to get passwords?

It's possible the person could have guessed these?

mrk · 11 Jan 2009 at 09:04

If you forget your password you enter your email and it mails you a confirmation link so nope, this was not the method used!

No rootkits found on any machine btw too!

It's all down to Facebook admins to solve this now!

Youstolemyname · 11 Jan 2009 at 09:10

mrk said:
If you forget your password you enter your email and it mails you a confirmation link so nope, this was not the method used!

No rootkits found on any machine btw too!

It's all down to Facebook admins to solve this now!

What about this page though...Not sure where it takes you after submitting the details.

http://en-gb.facebook.com/help/login.php

mrk · 11 Jan 2009 at 09:13

Hm no idea on that page - seems you'd need to know a bit of info to gain access - even still FB is set to email you confirmation mails on such actions.

Bizarre.

Sherbs · 11 Jan 2009 at 11:25

I suppose if someone had access to your account via a Cookie Grabber they still wouldn't be able to get your password unless they changed your email, then 'forgot there password'?
I am not sure FB use cookies either... lemme check.

Edit: seems they do.

Shot in the dark.

I don't know if FB will email your OLD password back, or create a random one and email you that.

mrk · 11 Jan 2009 at 11:31

My account is back

I locked it down and change PW before he could do anything - perhaps some kind of cookie grabber was used - it would make sense as they attempted to set the default email to the hotmail one but was unsuccessful.

Sherbs · 11 Jan 2009 at 11:34

Awesome, well i've disabled all non facebook addons now anyhow.

Granted I only had 1.

Hxc · 11 Jan 2009 at 11:39

If a facebook application that was big and popular had an exploit in it, it would be well known by now. You've been phished. Don't blame it on facebook.

mrk · 11 Jan 2009 at 11:42

Even though they said they used a backdoor in facebook apps?

As I said, phishing is only possible if you log into a site via an alternative URL which I don't - I always use the bookmark which is http://www.facebook.com/