Domain: skullsecurity.org
Stories and comments across the archive that link to skullsecurity.org.
Comments · 9
-
Re:FTFA
"I'm surprised TFA didn't link to the guy's blog. He has a good writeup there
http://www.skullsecurity.org/blog/?p=887 [skullsecurity.org]"That is because Stoobalou wanted you to go to think.co.uk to read the story, spend 30-60 seconds looking for a link to the original source(viewing ads the whole time, he hopes)...kind of like EVERY other story he has posted.
I agree. He could at least provide the link somewhere. What a tease.
-
Re:Okay, so...
This guy wrote a script to crawl Facebook and download everything he could.
It's not even about that, it's about a guy who wrote a script to collect usernames of everyone on facebook which double as the URL for their profiles. From there you can go and scrape everything you want. You don't even get their public information that they can chose to display on the front page like religion or real name. That's not even on there. No images, just URLs which double as logins.
This story is about a glorified crawler. No actual hacking transpired. No personal information that wasn't already revealed has been revealed. This is not news. In fact, I had to go back to TFS and double-check that kdawson wasn't the editor - that's how terrible this story really is.
It's worse than that. It's about a glorified crawler that was augmented with common names to create a list of possible usernames and URLs for Facebook. If you gave me a glorified crawler that collected interesting data inside a csv, I'd actually be a little interested in using it. Hell, anyone can do this in perl by coding for five minutes but it would take days for the thing to complete with a risk of banning from Facebook.
They say this in the article and from the original source. The summary is more than misleading and there's even less to say "big deal" about than you presupposed. -
No, It's Just a ListIf you go to the originator, here's all it contains:
This torrent contains:
* The URL of every searchable Facebook user's profile
* The name of every searchable Facebook user, both unique and by count (perfect for post-processing, datamining, etc)
* Processed lists, including first names with count, last names with count, potential usernames with count, etc
* The programs I used to generate everythingYou're going to get a URL to pages. If the user has since made them inaccessible, you'll only get what you can from their public profile. Like, you cannot get to my friends list from my public profile. You'll get "potential" usernames to log into Facebook. Big deal. Remember when everyone could make a username for Facebook and that was also their profile URL? Well, now you can guess the most common names and add them to this list like david. Then you could use ncrack or whatever.
Not a whole lot in this file. Not like he scraped the pages of data and put that in a csv file for research or anything really interesting. -
Re:FTFA
More likely it will precipitate a lawsuit. Why fix the problem when you can sue the pants off someone instead?
Sue for what? Violating Facebook's ToS?
I'm surprised TFA didn't link to the guy's blog. He has a good writeup there
http://www.skullsecurity.org/blog/?p=887The Torrent: http://www.skullsecurity.org/blogdata/fbdata.torrent
-
Re:FTFA
More likely it will precipitate a lawsuit. Why fix the problem when you can sue the pants off someone instead?
Sue for what? Violating Facebook's ToS?
I'm surprised TFA didn't link to the guy's blog. He has a good writeup there
http://www.skullsecurity.org/blog/?p=887The Torrent: http://www.skullsecurity.org/blogdata/fbdata.torrent
-
torrent
-
Detect it with Nmap
I spent the morning reverse engineering the Trojan and wrote an Nmap script to detect if a remote system is infected. Hope it helps out: http://www.skullsecurity.org/blog/?p=563.
Ron
-
Re:So...
Hey guys,
I'm the author of that script, and that's exactly right. I posted a full explanation on my blog.
-
Re:The entire .com TLD is a wastelandThey won't care, because they're still getting their monthly registration fees, so it's not like they're losing money on the deal.
And by the way, not all good domains are taken. I recently registered http://www.skullsecurity.org/ (and
.com, .net). I thought that was a pretty sweet domain!