Discussion:
Suspicious 'facebook' plugin with no info about it online
e***@gmail.com
2013-04-30 23:12:30 UTC
Permalink
Hi, sorry if this is the wrong newsgroup for this.

I got my facebook account hacked the other day, which was extremely alarming as I'm very careful with my security info, and I believe I tracked it down to a suspicious facebook plugin that somehow got installed. Since I couldn't find any info at all online I was wondering if anyone here would be interested, or if someone could direct me to someone who would like to check it out.

Maybe I should send it to the big security software vendors?

Thanks,
-Devin
Tomasz Borek
2013-05-01 11:44:39 UTC
Permalink
Maybe. Hard to say without knowing what exactly happened and why the
"mysterious" and "enigmatic" "somehow installing itself" from thin air
plugin ended up as primary suspect.

pozdrawiam,
LAFK
Post by e***@gmail.com
Hi, sorry if this is the wrong newsgroup for this.
I got my facebook account hacked the other day, which was extremely
alarming as I'm very careful with my security info, and I believe I tracked
it down to a suspicious facebook plugin that somehow got installed. Since I
couldn't find any info at all online I was wondering if anyone here would
be interested, or if someone could direct me to someone who would like to
check it out.
Maybe I should send it to the big security software vendors?
Thanks,
-Devin
_______________________________________________
dev-tech-plugins mailing list
https://lists.mozilla.org/listinfo/dev-tech-plugins
Tomasz Borek
2013-05-01 14:07:53 UTC
Permalink
Everyone else, feel free to point out better resources than those I am
pointing.

Devin,

It wasn't skepticism, but rather me sighing verbosely at inability to
answer question phrased like that. And I wasn't using quotation marks
consistently, but partially to paraphrase you and partially to convey the
"magicness" of the situation presented. :-) If you have some references for
me where I can find out what was wrong with that quotes usage, I'll gladly
peruse them.

I googled somewhat and what I can offer is:


- https://wiki.mozilla.org/Blocklisting - Mozilla Wiki explaining
blocklisting criteria and others
-
http://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist-
what it means, to blocklist
- https://addons.mozilla.org/en-US/firefox/blocked/ -> for reference for
other blocked add-ons or plug-ins, if you'd like to see other blocklisting
requests.


Now links above will help, if you would like to understand more. If you
feel you have the knowledge and this plugin *should* be blocklisted,
present your case via BugZilla, similarly like it was done here:
*https://bugzilla.mozilla.org/show_bug.cgi?id=780717*

If you wish to have some plugin information, for BugZilla report, feel free
to use these pages:

- http://www.mozilla.org/en-US/plugincheck/ - offers some information
about plugins you have, in regards to their validity and safety
- about:addons - I think it went like that, for some time now I'm using
Vimperator and am reaching this page differently
- slightly older Firefox diagnostic page from KB -
http://kb.mozillazine.org/Standard_diagnostic_(Firefox) - helpful to
determine if there ain't other issues you might have


Hope that helps.


pozdrawiam,
LAFK
I understand your skepticism (you aren't using quotations correctly but
1. The plugin is called the 'facebook plugin', but the facebook developers
have not made such a plugin. The only reason why someone would make a
plugin called that would be to avert attention.
2. I didn't intentionally install it, it must have piggy-backed on another
install process.
3. I check for plugin updates somewhat frequently and never noticed this
plugin before. That doesn't mean much on the face of it but...
4. I got my facebook account hacked recently, the guy knew my password and
tried to login but was locked out due to his location.
(I'm of course using 'him' but I don't know anything about the person).
Now I know firefox automatically blocks plugins that have known security
issues (certain versions of java being a popular one :P), I figured you
guys would want to investigate this plugin and possibly put it on a black
list in order to protect other potentially vulnerable users as well.
-Devin
Post by Tomasz Borek
Maybe. Hard to say without knowing what exactly happened and why the
"mysterious" and "enigmatic" "somehow installing itself" from thin air
plugin ended up as primary suspect.
pozdrawiam,
LAFK
Post by e***@gmail.com
Hi, sorry if this is the wrong newsgroup for this.
I got my facebook account hacked the other day, which was extremely
alarming as I'm very careful with my security info, and I believe I tracked
it down to a suspicious facebook plugin that somehow got installed. Since I
couldn't find any info at all online I was wondering if anyone here would
be interested, or if someone could direct me to someone who would like to
check it out.
Maybe I should send it to the big security software vendors?
Thanks,
-Devin
_______________________________________________
dev-tech-plugins mailing list
https://lists.mozilla.org/listinfo/dev-tech-plugins
Tomasz Borek
2013-05-01 16:21:41 UTC
Permalink
Devin,

Any investigation you did / could do is helpful to determine whether plugin
should be blocked or not. It's quite detailed in Bugzilla's for other
blocked items and in the Wiki page I linked. While it's nice of you to
report this, your original report was (IMO) hardly what I'd call detailed.
If you won't mind, add more information to BugZilla including, but not
limited to:
1) How do you know it's not legit.
2) It's version and other info that plug-in websites tell about it.
3) Reproduction steps for the problem.
4) How you found out your FB account was hacked.
5) Why you tracked it down to this very plugin.
6) What can you tell about how it installed itself.


As for the quotes, I'm quite certain that is and will be an oft-repeating
mistake of mine. In my primary language, paraphrasing - if close enough to
original quotation - is usually marked by either italics or by quotation
marks. FWIW, I was aiming at irony and paraphrasing, to make you share more
information about that plugin, so yeah, you're quite welcome to say I was
being snarky. :) After all, for every newbie arguing developers are being
snarky when asked for help, there will be one developer saying newbies
don't know how to ask questions, now won't there? ;-)

Anyway, good luck with reclaiming your account!


pozdrawiam,
LAFK
Hi Tomasz,
Thanks for the links, I think I will make a bugzilla post concerning the
suspicious plugin. However I don't know how to investigate the plugin to be
sure that it was indeed a keylogger. At the very least it is a plugin
pretending to be from facebook which in any case should be blocked for that
reason alone.
Your quotes can be construed as one of two ways; one is you are directly
quoting something in my first email (which you weren't), and another is you
are attempting to use them for emphasis which is generally considered as
incorrect. See: https://en.wikipedia.org/wiki/Quotation_mark. I'm usually
not overly critical of grammar in general, but you overused them a tad in
your earlier reply (similar to how I seem to overuse parentheses ;) ) as a
form of verbal eye-rolling. Many newbies use these often common snarky
replies as a weak argument against the generally helpful open-source
development mailing lists, and developers and general.
-Devin
Post by Tomasz Borek
Everyone else, feel free to point out better resources than those I am
pointing.
Devin,
It wasn't skepticism, but rather me sighing verbosely at inability to
answer question phrased like that. And I wasn't using quotation marks
consistently, but partially to paraphrase you and partially to convey the
"magicness" of the situation presented. :-) If you have some references for
me where I can find out what was wrong with that quotes usage, I'll gladly
peruse them.
- https://wiki.mozilla.org/Blocklisting - Mozilla Wiki explaining
blocklisting criteria and others
-
http://support.mozilla.org/en-US/kb/add-ons-cause-issues-are-on-blocklist- what it means, to blocklist
- https://addons.mozilla.org/en-US/firefox/blocked/ -> for reference
for other blocked add-ons or plug-ins, if you'd like to see other
blocklisting requests.
Now links above will help, if you would like to understand more. If you
feel you have the knowledge and this plugin *should* be blocklisted,
*https://bugzilla.mozilla.org/show_bug.cgi?id=780717*
If you wish to have some plugin information, for BugZilla report, feel
- http://www.mozilla.org/en-US/plugincheck/ - offers some information
about plugins you have, in regards to their validity and safety
- about:addons - I think it went like that, for some time now I'm
using Vimperator and am reaching this page differently
- slightly older Firefox diagnostic page from KB -
http://kb.mozillazine.org/Standard_diagnostic_(Firefox) - helpful to
determine if there ain't other issues you might have
Hope that helps.
pozdrawiam,
LAFK
I understand your skepticism (you aren't using quotations correctly but
1. The plugin is called the 'facebook plugin', but the facebook
developers have not made such a plugin. The only reason why someone would
make a plugin called that would be to avert attention.
2. I didn't intentionally install it, it must have piggy-backed on
another install process.
3. I check for plugin updates somewhat frequently and never noticed this
plugin before. That doesn't mean much on the face of it but...
4. I got my facebook account hacked recently, the guy knew my password
and tried to login but was locked out due to his location.
(I'm of course using 'him' but I don't know anything about the person).
Now I know firefox automatically blocks plugins that have known security
issues (certain versions of java being a popular one :P), I figured you
guys would want to investigate this plugin and possibly put it on a black
list in order to protect other potentially vulnerable users as well.
-Devin
Post by Tomasz Borek
Maybe. Hard to say without knowing what exactly happened and why the
"mysterious" and "enigmatic" "somehow installing itself" from thin air
plugin ended up as primary suspect.
pozdrawiam,
LAFK
Post by e***@gmail.com
Hi, sorry if this is the wrong newsgroup for this.
I got my facebook account hacked the other day, which was extremely
alarming as I'm very careful with my security info, and I believe I tracked
it down to a suspicious facebook plugin that somehow got installed. Since I
couldn't find any info at all online I was wondering if anyone here would
be interested, or if someone could direct me to someone who would like to
check it out.
Maybe I should send it to the big security software vendors?
Thanks,
-Devin
_______________________________________________
dev-tech-plugins mailing list
https://lists.mozilla.org/listinfo/dev-tech-plugins
Loading...