8 Responses

  1. Andy Barratt

    October 19, 2015 at 1:19 pm #

    Interesting times. I wonder which states they are most likely to report on.

    Whilst its true people who are using facebook for sensitive communications are doing it wrong hijacking a facebook account could be a very useful intelligence gathering exercise by a state entity. It could be that someone is connected to someone they are targeting and by hijacking a friend they get a lot more detail.

  2. righteous indignation

    October 19, 2015 at 2:10 pm #

    Not just another ploy to gain access to your mobile so they can spam you 24/7 no matter where you are? How about since they know of the attempts they simply block those and be done with it? What, and miss an opportunity to double ad displays?

    • coyote in reply to righteous indignation.

      October 21, 2015 at 3:51 pm #

      They are *not forcing* you to do *this*[1] and seeing as how they *have* forced users to do many *other things* that are questionable (if not worse), your theory fails because they would have already forced it.

      But besides that: You clearly have no experience as an administrator, especially one who considers security. If only it were as easy as to block attempts in such a way. What if it is the user? Account lockouts[2] can be abused to deny service to the user (and yes, it would be and has been done). And IP is no indication, either, because of roaming (etc.). This isn't an instance where they can use ingress filtering in such a way because of how many people use Facebook. There are other things to consider, too.

      [1] Besides, I really doubt they have a contract with carriers worldwide, in which case, they won't have this everywhere, which also breaks your theory.
      [2] Not to say they don’t have any use, but they can be (and are) abused – and for something like Facebook, it would definitely lead to problems because of their user base (they would lock themselves out, thus inducing withdrawal effects… because so many are addicted to it and their virtual friends).

  3. Pete

    October 19, 2015 at 6:37 pm #

    "…those who are using Facebook for sensitive communications should perhaps already be asking themselves whether they are doing things the right way."

    Huh? …you mean, there are actually people who use Facebook for sensitive communications?

    Wow.

    • coyote in reply to Pete.

      October 21, 2015 at 3:50 am #

      Yes. People are woefully ignorant, naive and it is worse than that (comes down to stupidity, doesn't it?). Surely you must know this.

      Don't be shocked. Expect it. Nothing should surprise you. Think of people using the well known (hence insecure) technique of sharing an email password (which would be insecure already), and then writing drafts (but not sending) so that they can correspond with their lover (or another kind of partner) safely. Except it isn't safe. But if it makes them feel better and safer – and it does – that's all it takes to make them consider it. It's at their risk.

      • Pete in reply to coyote.

        October 21, 2015 at 4:29 pm #

        Perhaps the ability to be shocked at the persistent and apparently inexhaustible stupidity of some of my fellow humanoids is my last defense against the final plunge into consummate cynicism.

  4. Ruf

    October 20, 2015 at 2:04 am #

    Facebook's "Login Approval" is their sleazy way of getting your cell phone number…nothing more.
    Yahoo is doing the same by eliminating passwords altogether requiring a text message to access your account.
    They want your cell # so they can ID you.

    • coyote in reply to Ruf.

      October 21, 2015 at 3:45 am #

      Using phone number instead of password is *very* different from 2FA. That's what the 2 stands for, you see? It's more than one layer, in this case it is two instead of one. Yes, Yahoo's idea is really stupid but it has nothing to do with wanting your mobile phone number so they can do .. what .. ever they do with your email?

      Edit: In other words, your claim is mostly speculation (or more like an assumption) if not outright libel, neither of which is helpful.

Leave a Reply