▶ No.979191>>979202 >>979304 >>979361 >>979435
Facebook just announced it was hacked, and almost 50 million users have been affected
>A hacker gained access to nearly 50 million Facebook user accounts by exploiting a weakness in the social network's systems, Facebook said on Friday.
>News of the cyber attack --- which appears to be one of the most significant in Facebook's history — sent shares of the company down roughly 3% in midday trading on Friday, adding to the pile of woes currently weighing on the company. Facebook CEO Mark Zuckerberg hosted a conference call with journalists shortly after the news was announced, underscoring the severity of the situation. "We do not yet know whether these accounts were misused but we are continuing to look into this and will update when we learn more," Zuckerberg said in a blog post published on Friday.
>The Silicon Valley tech firm said it discovered on Tuesday that an unknown attacker, or attackers, had taken advantage of a security flaw to take over users' accounts. The flaw was related to the "View As" feature that lets people see what their own profile looks like through the eyes of another user, Facebook explained. "This allowed them to steal Facebook access tokens which they could then use to take over people's accounts," Facebook's VP of Product Management Guy Rosen wrote in a separate blog post. "Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don't need to re-enter their password every time they use the app."
>Facebook says it's not yet clear who is behind the attack. On the conference call, Rosen said that there was no evidence that users' private messages had been compromised, but cautioned that that could change as the process continues. It's also not clear on what grounds people were targeted, or why.
>The revelation comes a day after a famous Taiwanese hacker publicly declared plans to delete Zuckerberg's Facebook account and to livestream the feat. Facebook representatives said on the conference call that they did not believe the cyber attack was related to the Taiwanese hacker.
archive down
https://unv.is/businessinsider.com/facebook-security-attack-affecting-50-million-users-2018-9
https://www.businessinsider.com/facebook-security-attack-affecting-50-million-users-2018-9
▶ No.979199>>979310
hahahahaha
BURN, BURN, BURN
▶ No.979201>>979204 >>979213 >>979222 >>979224 >>979381 >>979430 >>979435 >>979437 >>979493 >>980225
>facebook keeps killing itself
>privacy respecting alternatives keep not taking advantage of it
This timeline fucking sucks.
▶ No.979202
>>979191 (OP)
and now for an actual link:
http://archive.is/2018.09.28-202432/https://newsroom.fb.com/news/2018/09/security-update/
>it’s clear that attackers exploited a vulnerability in Facebook’s code that impacted “View As”, a feature that lets people see what their own profile looks like to someone else.
sounds very webscale
typical code malreuse from webshotters. i wonder why they still brag about how retarded they are
>Here is the action we have already taken. First, we’ve fixed the vulnerability and informed law enforcement.
<hacking a social media service is a serious offense goyim
>The attackers not only needed to find this vulnerability and use it to get an access token, they then had to pivot from that account to others to steal more tokens.
<it was a sophisticated cyberattack done by state level actors goy
>There’s no need for anyone to change their passwords.
inb4 there's a way to capture passwords or at least extract the hashes while you have their session
▶ No.979204
>>979201
Don't forget this:
>Facebook owns popular, proprietary "competing" platforms, making their own platform's decline irrelevant to the longevity of the company.
▶ No.979213>>979225 >>979229
>>979201
>privacy respecting alternatives
<SocialNetworkSoftware, respecting, privacy
▶ No.979222
>>979201
>privacy respecting alternatives
What would those look like? Unless you are hosting your own server or using end-to-end encryption, you should assume that the server operator is keeping everything you send to it. Even if the service is running Free Software you cannot be certain that what the server is running is the same.
▶ No.979224>>979238 >>979347 >>979435
>>979201
Normies don't care about these things. Judenbook can get hacked 6 million times and nothing will change.
Don't forget normies literally have the mind of niggers because of the negrification of culture in most countries, and one of the behaviours present in nigger villages is that everyone knows everything about everyone.
▶ No.979225>>979231 >>979381
>>979213
RetroShare.
Completely decentralized: there is no company to violate your privacy, because there is no company. Your information is cryptographically only accessible to those you give permissions to access this information.
▶ No.979229>>979235
>>979213
Scuttlebutt/Manyverse seems to be private by design, but in order to get any use out of it I'd need friends.
▶ No.979231>>979248
>>979225
<Retroshare Alice sent Bob a message with his pub.key at YYYYMMDDHHSS with this [outgoing] IP address with a size of XXXBytes w/X failed packets [of intentional latency, throttle, and fuzzing]
<Eve saw this, Charlie routers did too, Chuck laughs,
<Craig won't disclose a vulnerability he found on the most common client bypassing GPG, perhaps he's paid millions by government clients worldwide
<Dan befriended Bob's other friend, and somehow acquired Alice's secret pub.key only Bob should know.
<Grace knows everything since their hardware has been proved compromised.
Yeah, private "P2P"
▶ No.979235>>979237
>>979229
>Scuttlebutt/Manyverse
>Javashit,TCP,
<Private
Coomon beibi
▶ No.979237>>979244
>>979235
>implying my router is doing deep packet inspection on encrypted TLS traffic
Get the fuck out of my house
▶ No.979238>>979347
>>979224
So, how might the secure alternatives become mainstream? As I see it, advertisers/etc would then have no backdoor to people's info.
▶ No.979244>>979249
>>979237
Your TLS is correctable transmission, or random faultable continues stream?
<Using unstable behaviour JIT to "secure" your message at the end.
Doesn't TLS have this huge caveat known as compromised Certificate Authorities commonly known as dumb Charlie, and whatever was written in its RFC?
Imagine embedding giving ring 0 access to NPM.JS
▶ No.979248>>979250
>>979231
<Retroshare Alice sent Bob a message with his pub.key at YYYYMMDDHHSS with this [outgoing] IP address with a size of XXXBytes w/X failed packets [of intentional latency, throttle, and fuzzing]
<Eve saw this, Charlie routers did too, Chuck laughs,
>What is a proxy?
<Craig won't disclose a vulnerability he found on the most common client bypassing GPG, perhaps he's paid millions by government clients worldwide
Real risk, same is true for any other piece of software.
<Dan befriended Bob's other friend, and somehow acquired Alice's secret pub.key only Bob should know.
This is the only downside specific to a P2P system like Retroshare that you've mentioned.
<Grace knows everything since their hardware has been proved compromised.
You can't solve this. If your hardware is compromised there is nothing you can do except not use it.
▶ No.979249>>979254
>>979244
>missing the point entirely
▶ No.979250>>979256 >>979294
>>979248
>>What is a proxy?
>Chuck and Charlie laugh at you
<Eve at large
Metadata win!
It took Chuck Germany to break retroshare forever.
▶ No.979254
>>979249
That you still have leaky metadata? How is that "private".
It took Chuck milliseconds to break your Node server because JIT on ring 0, thus encryption is bypassed by design.
▶ No.979256
▶ No.979294>>979369
>>979250
Try writing this post again. It's a complete non-rebuttal but you sound like you're trying to communicate a message
>anon laughs at you
<princess koopa calls you autistic
I told you so!
▶ No.979304
>>979191 (OP)
ZOMG TEH RUSSIANS ARE HACKING THE 2020 ELECTIONS
>We'll have to remove Drumpf from the ballot just to make things fair goy.
<[greedy rubbing noises]*
▶ No.979310>>979347
>>979199
>Thinking shit like this will ever be large enough to impact a too big to fail company
▶ No.979314>>979329
>implying they didn't just sell those users info on purpose
yes, i also believe everything the mass media tells me
▶ No.979321
▶ No.979329
>>979314
>implying jews are allowed to devalue the stock of other jews
That's illegal goy! We are suing mr. zuckerberg for causing us to lose money.
▶ No.979330
People still use this trash?
▶ No.979347>>979351
>>979238
They don't. And they will never be, don't even fucking bother trying. /tech/ has already come to the unanimous consensus that the kikes will win this one, like they always do when fighting against us sane people. NPCs will never, 'ever''"' learn from this. If you think that there will be any alternative to FB in the future, you're delusional.
>>979310
>>979224
This. One thing that we have to remember in all this is that the jews always win, and the NPCs will never learn. It's over. We lost. There is no option but surrender.
▶ No.979351>>979357
>>979347
>just give up goyim
▶ No.979357
>>979351
Can I keep blackpill-anon as a pet?
▶ No.979361
>>979191 (OP)
Cool. Hope it happens more often.
▶ No.979369>>979372
>>979294
It's ok to admit Alice&Bob games weren't taught to you. It's worse to believe Retroshare can save you from one bad actor in group, when everyone outside the network can see everything as plain as day.
If your neighbors and ISP can identify with who in retroshare you are communicating, when, how much, what version, where, etc., claiming "private SNS" is as good as locket mail.
ssb/dat guy needs a slap into two for forgetting TCP is a vulnerability.
▶ No.979372>>979381 >>979886
>>979369
>encrypt your messages end to end
<it's not encrypted
▶ No.979381>>979386
>>979372
Honey:
>>979201
>privacy respecting alternatives
>>979225
>RetroShare.
>Completely decentralized: there is no company to violate your privacy
Privacy≠Encryption
If you send physical mail on a cipher, everyone that delivered your letter knows when, where to&from, how big, what font ink paper printer fibers & residue, to dear old Bob, including your stalker neighbor.
▶ No.979386>>979391
>>979381
>they know all these things
<except what was actually said
Oh no.
▶ No.979391>>979545
>>979386
Before someone rebuts this anon with 'we kill people based on metadata', I would like to point out that my adversary is targeted advertising and other mass data harvesting so this would constitute an acceptable level of privacy.
▶ No.979430>>979545
>>979201
The best alternative to social networks is real life.
▶ No.979435>>979486 >>979492 >>979811
>>979191 (OP)
*inhales*
HAHAHAHAHA
FUCKING KEK
literally 2 days ago:
<NPC: hey anon, you have kikebook?
>I: no
<NPC: lmao why?
>I: *shrug* just
Then hear really silently from your back:
<NPC: (to other NPCs) kek, look at him, he doesn't have kikebook, weirdo ay?
>>979201
this, but it's because of >>979224 this
>normies literally have the mind of niggers
unfortunately
▶ No.979437
>>979201
Just like Windows and operating systems.
▶ No.979444>>979545
Can we cool it on the anime-tranny-monster porn?
▶ No.979478>>979481 >>979545 >>979824
Let me get this straight: the attackers got control over the accounts, but no leak of passwords happened? If so, revoking the session keys should be easy and fast enough.
Phone numbers, posts, friend lists and emails are already public information in most accounts, so there shouldn't be a huge leak of information. Unless I'm misunderstanding what happened.
▶ No.979481>>979507
>>979478
>muh passwords
yes they only got the session. as seen by your post infosec for the last 20 years has been so retardedly focused on passwords that they don't understand the implications of 50 million sessions being stolen
▶ No.979486>>979494 >>979843
>>979435
And now you realize that this will never change. Facebook is eternal as fuck and /tech/ knows it. Nobody will fight back anymore. Eventually you will see Zuckerberg become the 46th POTUS because NPCs are that gullible. There will never be any more mother fucking escape from monopolies. Don't even fucking try fighting back.
Pic related, the people who are the bane of our existence and an actual based cuckchan meme for once.
▶ No.979488>>979490 >>979843
Fucking FB alternatives will never be a fucking thing you fucking autistic bluepill fucking niggers stop fucking trying to fucking escape stop fucking guaranteeing your mother fucking death you dumb shit ass noggers
▶ No.979490
▶ No.979492>>979494 >>979500
>>979435
Screenshot this fucking post to remind bluepill nigger fucks that nothing will ever get better and that fighting back is literally fucking impossible.
▶ No.979493
>>979201
>normalniggers
>caring about privacy
▶ No.979494
>>979492
>>979486
go die in a hole then
why do you even post here?
▶ No.979500>>979538
>>979492
>being this blackpilled
▶ No.979507
>>979481
Your average user only cares about their password and their personal info (which is mostly available publicly on Facebook anyway.) As for the fix, it should be easy enough to do.
I admit that I don't get why so much fuss about FB sessions being stolen. Besides sending spam and automating likes, what else can be done with a stolen FB account?
>>979503
How am I avatarfagging? I haven't even posted anything in a couple days.
▶ No.979538>>979578
>>979500
I'M GONNA GIVE YOU 3 SECONDS, EXACTLY 3 FUCKING SECONDS TO WIPE THAT STUPID LOOKING GRIN OFF YOUR FACE OR I WILL GOUGE OUT YOUR EYEBALLS AND SKULL-FUCK YOU IN LAYER 9
ONE
TWO
THREE
▶ No.979545>>979817
>>979391
>my adversary is targeted advertising and other mass data harvesting so this would constitute an acceptable level of privacy.
So, retroshare fails here,,,,,
Wasn't Microsoft Google Cloudflare et alter joining forces to "save bandwidth"?
>>979430
Someone intelligent!
What was that phrase? What put on the internet stays forever?
>>979444
What's that?
>>979478
I read the report days ago: Facebook has a "View as" feature that only privileged users can use, it was set on for everyone, so anyone could see any account as anyone else, and extrapolate more data than usual. "It's been fixed".
▶ No.979811>>979823 >>979832
>>979435
<NPC: hey anon, you have kikebook?
>I: no
<NPC: lmao why?
Some fucker actually asked "why not?" to me immediately after the Cambridge Analytica fiasco.
▶ No.979817>>979855
>>979545
>So, retroshare fails here,,,,,
Could you please justify your claim by explaining how a corporate adversary (ISP, data harvester, whatever) would feasibly be able to intercept and decrypt a RetroShare transfer to obtain anything more than transfer metadata?
Even with mediocre OPSEC, it doesn't seem obvious how this could be done.
A good reply could provide some healthy skepticism towards the common claim that RetroShare is a great platform for privacy (advertised by sites such as privacytools.io).
▶ No.979823>>979825
>>979811
Nothing can stop the eternal FaceJew now. NPCs will never, EVER learn.
▶ No.979824
>>979478
>image
>not "probe every port until you find my backdoor!"
>not "i'll let you audit all my bits, you'll see that i'm a big-endian girl"
>not "root me!"
4294967296 / 10 , would not pen test
▶ No.979825
>>979823
>NPCs will never, EVER learn.
Well that's because no-one is teaching them. Not rocket science.
▶ No.979832>>980007
>>979811
>he is so weak minded that advertisements changed his political opinion
lamo
▶ No.979843
>>979488
>>979486
Man you are just incapable of posting less than two posts in a row. Here, have this (You), I know you love them.
▶ No.979855>>979866 >>980052
>>979817
>intercept
It's your ISP, it sells your network traffic to ad agencies:
https://www.usatoday.com/story/tech/news/2017/04/04/isps-can-now-collect-and-sell-your-data-what-know-internet-privacy/100015356/
They easily know you use Retroshare, they know you contact Bob using Retroshare, they know when you connect, they know how big the messages are, they know where you both live, esp. if Chuck/proxy sells your traffic as well, they know what version your Retroshare client is, what OS you're running, and your neighbor gets paid a discount to fuzz your connection to know when you really are using retroshare or accessing TOR.
This isn't about decrypting the contents of your message, but how much Alice&Bob talk to each other on a meme network.
An ad agency will send you ads knowing you both like to use the meme network. Maybe some hardware or software ads, maybe archival media, hdd discounts, newegg one time deals, maybe that pregnancy kit, who knows:
Your contacts with Bob aren't private, the contents maybe (if you really trust the crypto), but every with just two servers know Alice&Bob use a meme network.
>common claim that RetroShare is a great platform for privacy (advertised by sites such as privacytools.io).
You really are naïve. Common claims like yellow bile, black bile, phlegm and blood took centuries to reach consequences of myth. A person that doesn't test claims on their own, are not worth the trouble.
In these discussions, none mentioned Bitmessage, I2P Bote, URC, mixminion, sneakernet, etc.. Shows how low intel /tech/ is.
▶ No.979859
, but everyone with*
reach consensus*
▶ No.979866>>979873
>>979855
>your isp in some cases can figure out who you're talking to/what public square you're talking in
>but they have no idea about what was said/what obscure corner of the public square you spoke in
▶ No.979873>>979878 >>980052
>>979866
Yah see, truly unworthy of the trouble dismissing criticism.
How are your NIST RSA const working out for you?
▶ No.979878>>979886
>>979873
Your lack of understanding of both networking and encryption is boring me, anon. Post something mildly worrying at least. An NSA flaw, flagged by Microsoft of all people, isn't it.
▶ No.979886>>979887 >>980052
>>979878
The only person citing encryption is you: >>979372
How'd that HeartBleed work out for you guys?
>An NSA flaw, flagged by Microsoft of all people, isn't it.
What?
▶ No.979887
>>979886
>cites NIST weaknesses
>knows nothing about it
>cites NIST weaknesses
<y-you're mentioning encryption, n-not me!
▶ No.979895
Deja vu, I thought they had a View As exploit back in 2010.
▶ No.979911
Samefagging in this thread is out of control, this board really needs IDs.
▶ No.980007
>>979832
There's people in this board right now whose entire political knowledge comes from anonymous posts on the videogame and/or politically incorrect boards of anime-discussing websites.
▶ No.980225
>>979201
social media is inherently unprivate read mcluhan
▶ No.980341