Cavalry Key Logger used by facebook ---- WTF?!?!
-
why in gods name does facebook use this? i was implementing a stupid 'LIKE' button which is becoming a std feature and noticed this key logger found its way into my page :mad: how does one flag facebook as malware?
(NOTE: I am assuming Windows as the OS here) Just edit the Hosts file. There are several tools out there for the task, including several Open Source ones on CodePlex. Also, are you sure FB uses the keylogger? Could it be something else, like some kind of malware? (I don't use FB, so I wouldn't know myself)
Attempting to load signature... A NullSignatureException was unhandled. Message: "No signature exists" All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value. Carl Sagan
-
(NOTE: I am assuming Windows as the OS here) Just edit the Hosts file. There are several tools out there for the task, including several Open Source ones on CodePlex. Also, are you sure FB uses the keylogger? Could it be something else, like some kind of malware? (I don't use FB, so I wouldn't know myself)
Attempting to load signature... A NullSignatureException was unhandled. Message: "No signature exists" All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value. Carl Sagan
I dont really care about what happens on my DEV machine its my users i care about. I am using the
//connect.facebook.net/en_US/all.js#xfbml=1&appId=
facebook api thing and found that it inject Cavalry KeyLogger :((
-
I dont really care about what happens on my DEV machine its my users i care about. I am using the
//connect.facebook.net/en_US/all.js#xfbml=1&appId=
facebook api thing and found that it inject Cavalry KeyLogger :((
Oh, then I do not know.
Attempting to load signature... A NullSignatureException was unhandled. Message: "No signature exists" All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value. Carl Sagan
-
I dont really care about what happens on my DEV machine its my users i care about. I am using the
//connect.facebook.net/en_US/all.js#xfbml=1&appId=
facebook api thing and found that it inject Cavalry KeyLogger :((
Is that URL correct? That is, Facebook.net rather than Facebook.com? Doesn't sound official and I don't particularly want to visit that domain myself.
-
Is that URL correct? That is, Facebook.net rather than Facebook.com? Doesn't sound official and I don't particularly want to visit that domain myself.
-
Is that URL correct? That is, Facebook.net rather than Facebook.com? Doesn't sound official and I don't particularly want to visit that domain myself.
-
i am pretty sure it is i am using this stuff http://developers.facebook.com/docs/reference/javascript/[^] if you have used the facebook like button search for "Cav" in the minified script it dumps on ya and it will become clear
Gotcha, looks like Facebook.net is legit.
killabyte wrote:
if you have used the facebook like button search for "Cav" in the minified script it dumps on ya and it will become clear
Are you certain that is the all.js file that is downloading that to your computer? Could it be getting injected by some other malware on your computer? I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it. For example, when I upload an image and type in a comment, it is impossible for me to CTRL+A, CTRL+C my text... Facebook seems to prevent that somehow (maybe via this key logger).
-
Gotcha, looks like Facebook.net is legit.
killabyte wrote:
if you have used the facebook like button search for "Cav" in the minified script it dumps on ya and it will become clear
Are you certain that is the all.js file that is downloading that to your computer? Could it be getting injected by some other malware on your computer? I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it. For example, when I upload an image and type in a comment, it is impossible for me to CTRL+A, CTRL+C my text... Facebook seems to prevent that somehow (maybe via this key logger).
AspDotNetDev wrote:
I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it
On the other hand, it seems strange that they'd need a key logger for a LIKE button. This may be a privacy violation.
-
AspDotNetDev wrote:
I would not be surprised if Facebook did use a key logger though, as some of their functionality may require it
On the other hand, it seems strange that they'd need a key logger for a LIKE button. This may be a privacy violation.
-
why in gods name does facebook use this? i was implementing a stupid 'LIKE' button which is becoming a std feature and noticed this key logger found its way into my page :mad: how does one flag facebook as malware?
127.0.0.1 Works for me.
I wanna be a eunuchs developer! Pass me a bread knife!
-
127.0.0.1 Works for me.
I wanna be a eunuchs developer! Pass me a bread knife!
Good, you as a webmaster have protected yourself. What about the others visiting your site?
-
Good, you as a webmaster have protected yourself. What about the others visiting your site?
-
Good, you as a webmaster have protected yourself. What about the others visiting your site?
I'll keep them safe by never having any links to resources I can't directly control -- i.e. no ads, no adwords, no banners, no fb, no nothing that can pose a risk to visitors. For corporate sites, I would have thought that the safety and security of visiting customers/prospects were more important than links to twitter and fb. The whole "Internet community" thing needs to be thought through a lot more seriously -- by people other than marketing cretins.
I wanna be a eunuchs developer! Pass me a bread knife!
-
i am pretty sure it is i am using this stuff http://developers.facebook.com/docs/reference/javascript/[^] if you have used the facebook like button search for "Cav" in the minified script it dumps on ya and it will become clear
-
(NOTE: I am assuming Windows as the OS here) Just edit the Hosts file. There are several tools out there for the task, including several Open Source ones on CodePlex. Also, are you sure FB uses the keylogger? Could it be something else, like some kind of malware? (I don't use FB, so I wouldn't know myself)
Attempting to load signature... A NullSignatureException was unhandled. Message: "No signature exists" All of the books in the world contain no more information than is broadcast as video in a single large American city in a single year. Not all bits have equal value. Carl Sagan
This man gets my vote. I don't use fb either. :)
-
I'll keep them safe by never having any links to resources I can't directly control -- i.e. no ads, no adwords, no banners, no fb, no nothing that can pose a risk to visitors. For corporate sites, I would have thought that the safety and security of visiting customers/prospects were more important than links to twitter and fb. The whole "Internet community" thing needs to be thought through a lot more seriously -- by people other than marketing cretins.
I wanna be a eunuchs developer! Pass me a bread knife!
There was some profile pic that would not go away in my facebook friends suggestions, and it just bothered me because it was ALWAYS THERE....still is. So after attempting everything I could think of to get rid of this thing that is constantly and consistently there when I sign in, I decided to view the source code. The source code indicated something by the name of Calvary Logger. I've been researching it, and apparently it is a software they have named specifically for its use on facebook called 'calvary logger'....interesting choice of words wouldn't you say? Here is the software that facebook is using to track those on facebook who 'like' certain things, after which I guess they get 'tagged' by facebook with this spyware. http://www.keyloggersurveillance.com/[^]