Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Suspicious 'facebook' plugin with no info about it online
19 views
Skip to first unread message
ereso...@gmail.com
Apr 30, 2013, 7:12:30 PM4/30/13
to
Hi, sorry if this is the wrong newsgroup for this.
I got my facebook account hacked the other day, which was extremely alarming as I'm very careful with my security info, and I believe I tracked it down to a suspicious facebook plugin that somehow got installed. Since I couldn't find any info at all online I was wondering if anyone here would be interested, or if someone could direct me to someone who would like to check it out.
Maybe I should send it to the big security software vendors?
Thanks,
-Devin
I got my facebook account hacked the other day, which was extremely alarming as I'm very careful with my security info, and I believe I tracked it down to a suspicious facebook plugin that somehow got installed. Since I couldn't find any info at all online I was wondering if anyone here would be interested, or if someone could direct me to someone who would like to check it out.
Maybe I should send it to the big security software vendors?
Thanks,
-Devin
Tomasz Borek
May 1, 2013, 7:44:39 AM5/1/13
to ereso...@gmail.com, dev-tech...@lists.mozilla.org
Maybe. Hard to say without knowing what exactly happened and why the
"mysterious" and "enigmatic" "somehow installing itself" from thin air
plugin ended up as primary suspect.
pozdrawiam,
LAFK
2013/5/1 <ereso...@gmail.com>
> _______________________________________________
> dev-tech-plugins mailing list
> dev-tech...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-plugins
>
"mysterious" and "enigmatic" "somehow installing itself" from thin air
plugin ended up as primary suspect.
pozdrawiam,
LAFK
2013/5/1 <ereso...@gmail.com>
> dev-tech-plugins mailing list
> dev-tech...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-plugins
>
Tomasz Borek
May 1, 2013, 10:07:53 AM5/1/13
to Devin Linnington, dev-tech...@lists.mozilla.org
Everyone else, feel free to point out better resources than those I am
pointing.
Devin,
It wasn't skepticism, but rather me sighing verbosely at inability to
answer question phrased like that. And I wasn't using quotation marks
consistently, but partially to paraphrase you and partially to convey the
"magicness" of the situation presented. :-) If you have some references for
me where I can find out what was wrong with that quotes usage, I'll gladly
peruse them.
I googled somewhat and what I can offer is:
- https://wiki.mozilla.org/Blocklisting - Mozilla Wiki explaining
blocklisting criteria and others
-
http://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist-
what it means, to blocklist
- https://addons.mozilla.org/en-US/firefox/blocked/ -> for reference for
other blocked add-ons or plug-ins, if you'd like to see other blocklisting
requests.
Now links above will help, if you would like to understand more. If you
feel you have the knowledge and this plugin *should* be blocklisted,
present your case via BugZilla, similarly like it was done here:
*https://bugzilla.mozilla.org/show_bug.cgi?id=780717*
If you wish to have some plugin information, for BugZilla report, feel free
to use these pages:
- http://www.mozilla.org/en-US/plugincheck/ - offers some information
about plugins you have, in regards to their validity and safety
- about:addons - I think it went like that, for some time now I'm using
Vimperator and am reaching this page differently
- slightly older Firefox diagnostic page from KB -
http://kb.mozillazine.org/Standard_diagnostic_(Firefox) - helpful to
determine if there ain't other issues you might have
Hope that helps.
pozdrawiam,
LAFK
2013/5/1 Devin Linnington <ereso...@gmail.com>
> I understand your skepticism (you aren't using quotations correctly but
> that's beside the point), but here is what I know:
>
> 1. The plugin is called the 'facebook plugin', but the facebook developers
> have not made such a plugin. The only reason why someone would make a
> plugin called that would be to avert attention.
> 2. I didn't intentionally install it, it must have piggy-backed on another
> install process.
> 3. I check for plugin updates somewhat frequently and never noticed this
> plugin before. That doesn't mean much on the face of it but...
> 4. I got my facebook account hacked recently, the guy knew my password and
> tried to login but was locked out due to his location.
>
> (I'm of course using 'him' but I don't know anything about the person).
>
> Now I know firefox automatically blocks plugins that have known security
> issues (certain versions of java being a popular one :P), I figured you
> guys would want to investigate this plugin and possibly put it on a black
> list in order to protect other potentially vulnerable users as well.
>
> -Devin
pointing.
Devin,
It wasn't skepticism, but rather me sighing verbosely at inability to
answer question phrased like that. And I wasn't using quotation marks
consistently, but partially to paraphrase you and partially to convey the
"magicness" of the situation presented. :-) If you have some references for
me where I can find out what was wrong with that quotes usage, I'll gladly
peruse them.
I googled somewhat and what I can offer is:
- https://wiki.mozilla.org/Blocklisting - Mozilla Wiki explaining
blocklisting criteria and others
-
http://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist-
what it means, to blocklist
- https://addons.mozilla.org/en-US/firefox/blocked/ -> for reference for
other blocked add-ons or plug-ins, if you'd like to see other blocklisting
requests.
Now links above will help, if you would like to understand more. If you
feel you have the knowledge and this plugin *should* be blocklisted,
present your case via BugZilla, similarly like it was done here:
*https://bugzilla.mozilla.org/show_bug.cgi?id=780717*
If you wish to have some plugin information, for BugZilla report, feel free
to use these pages:
- http://www.mozilla.org/en-US/plugincheck/ - offers some information
about plugins you have, in regards to their validity and safety
- about:addons - I think it went like that, for some time now I'm using
Vimperator and am reaching this page differently
- slightly older Firefox diagnostic page from KB -
http://kb.mozillazine.org/Standard_diagnostic_(Firefox) - helpful to
determine if there ain't other issues you might have
Hope that helps.
pozdrawiam,
LAFK
2013/5/1 Devin Linnington <ereso...@gmail.com>
> I understand your skepticism (you aren't using quotations correctly but
> that's beside the point), but here is what I know:
>
> 1. The plugin is called the 'facebook plugin', but the facebook developers
> have not made such a plugin. The only reason why someone would make a
> plugin called that would be to avert attention.
> 2. I didn't intentionally install it, it must have piggy-backed on another
> install process.
> 3. I check for plugin updates somewhat frequently and never noticed this
> plugin before. That doesn't mean much on the face of it but...
> 4. I got my facebook account hacked recently, the guy knew my password and
> tried to login but was locked out due to his location.
>
> (I'm of course using 'him' but I don't know anything about the person).
>
> Now I know firefox automatically blocks plugins that have known security
> issues (certain versions of java being a popular one :P), I figured you
> guys would want to investigate this plugin and possibly put it on a black
> list in order to protect other potentially vulnerable users as well.
>
> -Devin
>
>
> On Wed, May 1, 2013 at 7:44 AM, Tomasz Borek <tomasz...@gmail.com>wrote:
>
>> Maybe. Hard to say without knowing what exactly happened and why the
>> "mysterious" and "enigmatic" "somehow installing itself" from thin air
>> plugin ended up as primary suspect.
>>
>> pozdrawiam,
>> LAFK
>>
>>
>> 2013/5/1 <ereso...@gmail.com>
>>
>
> On Wed, May 1, 2013 at 7:44 AM, Tomasz Borek <tomasz...@gmail.com>wrote:
>
>> Maybe. Hard to say without knowing what exactly happened and why the
>> "mysterious" and "enigmatic" "somehow installing itself" from thin air
>> plugin ended up as primary suspect.
>>
>> pozdrawiam,
>> LAFK
>>
>>
>> 2013/5/1 <ereso...@gmail.com>
>>
Tomasz Borek
May 1, 2013, 12:21:41 PM5/1/13
to Devin Linnington, dev-tech...@lists.mozilla.org
Devin,
Any investigation you did / could do is helpful to determine whether plugin
should be blocked or not. It's quite detailed in Bugzilla's for other
blocked items and in the Wiki page I linked. While it's nice of you to
report this, your original report was (IMO) hardly what I'd call detailed.
If you won't mind, add more information to BugZilla including, but not
limited to:
1) How do you know it's not legit.
2) It's version and other info that plug-in websites tell about it.
3) Reproduction steps for the problem.
4) How you found out your FB account was hacked.
5) Why you tracked it down to this very plugin.
6) What can you tell about how it installed itself.
As for the quotes, I'm quite certain that is and will be an oft-repeating
mistake of mine. In my primary language, paraphrasing - if close enough to
original quotation - is usually marked by either italics or by quotation
marks. FWIW, I was aiming at irony and paraphrasing, to make you share more
information about that plugin, so yeah, you're quite welcome to say I was
being snarky. :) After all, for every newbie arguing developers are being
snarky when asked for help, there will be one developer saying newbies
don't know how to ask questions, now won't there? ;-)
Anyway, good luck with reclaiming your account!
> Hi Tomasz,
>
> Thanks for the links, I think I will make a bugzilla post concerning the
> suspicious plugin. However I don't know how to investigate the plugin to be
> sure that it was indeed a keylogger. At the very least it is a plugin
> pretending to be from facebook which in any case should be blocked for that
> reason alone.
>
> Your quotes can be construed as one of two ways; one is you are directly
> quoting something in my first email (which you weren't), and another is you
> are attempting to use them for emphasis which is generally considered as
> incorrect. See: https://en.wikipedia.org/wiki/Quotation_mark. I'm usually
> not overly critical of grammar in general, but you overused them a tad in
> your earlier reply (similar to how I seem to overuse parentheses ;) ) as a
> form of verbal eye-rolling. Many newbies use these often common snarky
> replies as a weak argument against the generally helpful open-source
> development mailing lists, and developers and general.
Any investigation you did / could do is helpful to determine whether plugin
should be blocked or not. It's quite detailed in Bugzilla's for other
blocked items and in the Wiki page I linked. While it's nice of you to
report this, your original report was (IMO) hardly what I'd call detailed.
If you won't mind, add more information to BugZilla including, but not
limited to:
1) How do you know it's not legit.
2) It's version and other info that plug-in websites tell about it.
3) Reproduction steps for the problem.
4) How you found out your FB account was hacked.
5) Why you tracked it down to this very plugin.
6) What can you tell about how it installed itself.
As for the quotes, I'm quite certain that is and will be an oft-repeating
mistake of mine. In my primary language, paraphrasing - if close enough to
original quotation - is usually marked by either italics or by quotation
marks. FWIW, I was aiming at irony and paraphrasing, to make you share more
information about that plugin, so yeah, you're quite welcome to say I was
being snarky. :) After all, for every newbie arguing developers are being
snarky when asked for help, there will be one developer saying newbies
don't know how to ask questions, now won't there? ;-)
Anyway, good luck with reclaiming your account!
> Hi Tomasz,
>
> Thanks for the links, I think I will make a bugzilla post concerning the
> suspicious plugin. However I don't know how to investigate the plugin to be
> sure that it was indeed a keylogger. At the very least it is a plugin
> pretending to be from facebook which in any case should be blocked for that
> reason alone.
>
> Your quotes can be construed as one of two ways; one is you are directly
> quoting something in my first email (which you weren't), and another is you
> are attempting to use them for emphasis which is generally considered as
> incorrect. See: https://en.wikipedia.org/wiki/Quotation_mark. I'm usually
> not overly critical of grammar in general, but you overused them a tad in
> your earlier reply (similar to how I seem to overuse parentheses ;) ) as a
> form of verbal eye-rolling. Many newbies use these often common snarky
> replies as a weak argument against the generally helpful open-source
> development mailing lists, and developers and general.
0 new messages