Jan Miksovsky (UI designer) has an interesting post on his blog about the phishing-friendly nature of Facebook apps. Consider the following scenario:
You get a message from someone you know (well, someone on your Facebook friends list, which means a complete stranger you've never met before but who you added because whoever dies with the most entries on their list wins) saying "Hey, click on/run this!". "This" is an unknown app that (by default) has access to your information and embeds itself in your Facebook experience. Sound like a phishing attack? Nope, it's SOP for Facebook: http://miksovsky.blogs.com/flowstate/2008/01/facebook-applic.html Facebook (and who knows how may other sites): Hard at work training up the next generation of phishing victims. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
