8 comments on “Facebook: ‘Your account may be targeted in state-sponsored attacks’”

  1. Andy Barratt

    Interesting times. I wonder which states they are most likely to report on.

    Whilst it's true people who are using Facebook for sensitive communications are doing it wrong, hijacking a Facebook account could be a very useful intelligence gathering exercise by a state entity. It could be that someone is connected to someone they are targeting and by hijacking a friend they get a lot more detail.

  2. righteous indignation

    Not just another ploy to gain access to your mobile so they can spam you 24/7 no matter where you are? How about since they know of the attempts they simply block those and be done with it? What, and miss an opportunity to double ad displays?

    1. coyote · in reply to righteous indignation

      They are *not forcing* you to do *this*[1] and seeing as how they *have* forced users to do many *other things* that are questionable (if not worse), your theory fails because they would have already forced it.

      But besides that: You clearly have no experience as an administrator, especially one who considers security. If only it were as easy as to block attempts in such a way. What if it is the user? Account lockouts[2] can be abused to deny service to the user (and yes, it would be and has been done). And IP is no indication, either, because of roaming (etc.). This isn't an instance where they can use ingress filtering in such a way because of how many people use Facebook. There are other things to consider, too.

      [1] Besides, I really doubt they have a contract with carriers worldwide, in which case, they won't have this everywhere, which also breaks your theory.
      [2] Not to say they don’t have any use, but they can be (and are) abused – and for something like Facebook, it would definitely lead to problems because of their user base (they would lock themselves out, thus inducing withdrawal effects… because so many are addicted to it and their virtual friends).

  3. Pete

    "…those who are using Facebook for sensitive communications should perhaps already be asking themselves whether they are doing things the right way."

    Huh? …you mean, there are actually people who use Facebook for sensitive communications?


    1. coyote · in reply to Pete

      Yes. People are woefully ignorant, naive and it is worse than that (comes down to stupidity, doesn't it?). Surely you must know this.

      Don't be shocked. Expect it. Nothing should surprise you. Think of people using the well known (hence insecure) technique of sharing an email password (which would be insecure already), and then writing drafts (but not sending) so that they can correspond with their lover (or another kind of partner) safely. Except it isn't safe. But if it makes them feel better and safer – and it does – that's all it takes to make them consider it. It's at their risk.

      1. Pete · in reply to coyote

        Perhaps the ability to be shocked at the persistent and apparently inexhaustible stupidity of some of my fellow humanoids is my last defense against the final plunge into consummate cynicism.

  4. Ruf

    Facebook's "Login Approval" is their sleazy way of getting your cell phone number…nothing more.
    Yahoo is doing the same by eliminating passwords altogether, requiring a text message to access your account.
    They want your cell # so they can ID you.

    1. coyote · in reply to Ruf

      Using phone number instead of password is *very* different from 2FA. That's what the 2 stands for, you see? It's more than one layer, in this case it is two instead of one. Yes, Yahoo's idea is really stupid but it has nothing to do with wanting your mobile phone number so they can do .. what .. ever they do with your email?

      Edit: In other words, your claim is mostly speculation (or more like an assumption) if not outright libel, neither of which is helpful.
