|
why in gods name does facebook use this? i was implementing a stupid 'LIKE' button which is becoming a std feature and noticed this key logger found its way into my page
how does one flag facebook as malware?
|
|
|
|
|
(NOTE: I am assuming Windows as the OS here)
Just edit the Hosts file. There are several tools out there for the task, including several Open Source ones on CodePlex.
Also, are you sure FB uses the keylogger? Could it be something else, like some kind of malware?
(I don't use FB, so I wouldn't know myself)
Attempting to load signature...
A NullSignatureException was unhandled.
Message: "No signature exists"
All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value.
Carl Sagan
|
|
|
|
|
I dont really care about what happens on my DEV machine its my users i care about.
I am using the
facebook api thing and found that it inject Cavalry KeyLogger 
|
|
|
|
|
Oh, then I do not know.
Attempting to load signature...
A NullSignatureException was unhandled.
Message: "No signature exists"
All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value.
Carl Sagan
|
|
|
|
|
Is that URL correct? That is, Facebook.net rather than Facebook.com? Doesn't sound official and I don't particularly want to visit that domain myself.
|
|
|
|
|
|
|
|
Gotcha, looks like Facebook.net is legit.
killabyte wrote: if you have used the facebook like button search for "Cav" in the minified script it dumps on ya and it will become clear
Are you certain that is the all.js file that is downloading that to your computer? Could it be getting injected by some other malware on your computer?
I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it. For example, when I upload an image and type in a comment, it is impossible for me to CTRL+A, CTRL+C my text... Facebook seems to prevent that somehow (maybe via this key logger).
|
|
|
|
|
AspDotNetDev wrote: I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it
On the other hand, it seems strange that they'd need a key logger for a LIKE button. This may be a privacy violation.
|
|
|
|
|
|
I looked at the all.js in your previous link and did a string search for 'Cav', and didn't find anything. It does load an XdComm.swf. It seems more likely that something else on your page is at fault, or your scanner is giving a false positive.
|
|
|
|
|
This man gets my vote. I don't use fb either. 
|
|
|
|
|
127.0.0.1
Works for me.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Good, you as a webmaster have protected yourself. What about the others visiting your site?
|
|
|
|
|
AspDotNetDev wrote: What about the others visiting your site?
especially as i want them to return over and over again so my google ads give me beer money
|
|
|
|
|
I'll keep them safe by never having any links to resources I can't directly control -- i.e. no ads, no adwords, no banners, no fb, no nothing that can pose a risk to visitors.
For corporate sites, I would have thought that the safety and security of visiting customers/prospects were more important than links to twitter and fb. The whole "Internet community" thing needs to be thought through a lot more seriously -- by people other than marketing cretins.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
There was some profile pic that would not go away in my facebook friends suggestions, and it just bothered me because it was ALWAYS THERE....still is. So after attempting everything I could think of to get rid of this thing that is constantly and consistently there when I sign in, I decided to view the source code. The source code indicated something by the name of Calvary Logger. I've been researching it, and apparently it is a software they have named specifically for its use on facebook called 'calvary logger'....interesting choice of words wouldn't you say?
Here is the software that facebook is using to track those on facebook who 'like' certain things, after which I guess they get 'tagged' by facebook with this spyware.
http://www.keyloggersurveillance.com/[^]
|
|
|
|
|
I have VS2008 Professional, and I'm trying to decide whether to upgrade. I've done my searches, and I'm still unsure just what I should upgrade too. It's cash out of my business, so it's personal .
The installation I have has 2008 Professional that includes MSDN library. I don't think this is an MSDN subscription.
Upgrading to VS2010 Pro is about 500, toss in MSDN subscription (one year) takes it over 1K. What does an MSDN subscription buy me?
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
charlieg wrote: What does an MSDN subscription buy me?
A few more steps down the path to the dark side.
I have VS 2010 Pro with no MSDN (via DreamSpark). You may as well wait for the next release, it's due out last year.
|
|
|
|
|
Do you mean BizSpark? Or are you faculty?
Charlie Gilley
<italic>You're going to tell me what I want to know, or I'm going to beat you to death in your own house.
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
I had to get an MSDN Premium subscription to get my grimey hands on the database features in VS etc. it was an expensive little upgrade
|
|
|
|
|
killabyte wrote: the database features in VS
I don't use those anyway. SQL Server Express suffices for my needs.
|
|
|
|
|
Lucky guy 
|
|
|
|
|
PIEBALDconsult wrote: I don't use those anyway. SQL Server Express suffices for my needs. |
Same here. I bought VS2008 Standard and Active Reports 6. That combined with SQL Server 2008 R2 Express (which I keep under lock and key by the way) makes for a powerful development package, all for under $1K. It will be some time before I need to shell out any more $ for development tools.
-CB
|
|
|
|