butlincat's blog - a blog...a seeker of the truth, the whole truth, and nothing but the truth...


......Namaste.....John Graham - butlincat

Jai guru deva om जय गुरुदेव ॐ


Wednesday, 1 November 2017

Another reason to avoid Facebook - FAKE YOUTUBE LINKS - VIDEO

 Monday, October 30, 2017

While scrolling on Facebook, how do you decide which link or article to click or open?

Facebook's timeline and Messenger display the title, description, thumbnail image and URL of every shared link, and this information is enough to decide whether the content interests you.

Since Facebook is full of spam, clickbait and fake news articles these days, most users do not click every second link served to them.

But yes, the likelihood of opening an article is much higher when content that interests you comes from a legitimate and authoritative website, like YouTube or Instagram.

However, what if a link shared from a legitimate website lands you in trouble?

Links shared on Facebook could already not be edited, but to stop the spread of misinformation and false news, the social media giant also removed the ability for Pages to edit the title, description and thumbnail image of a link in July 2017.

However, it turns out that spammers can spoof the URLs of shared links to trick users into visiting pages they do not expect, redirecting them to phishing or fake news websites with malware or malicious content.

Discovered by 24-year-old security researcher Barak Tawily, a simple trick could allow anyone to spoof URLs by exploiting the way Facebook fetches link previews.

In brief, Facebook scans a shared link for Open Graph meta tags to determine page properties, specifically 'og:url', 'og:image' and 'og:title', to fetch its URL, thumbnail image and title respectively.


Interestingly, Tawily found that Facebook does not validate whether the link given in the 'og:url' meta tag is the same as the page URL, allowing spammers to spread malicious web pages on Facebook with spoofed URLs simply by putting legitimate URLs in the 'og:url' Open Graph meta tag on their websites.
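
The validation described as missing above, as an added example (not from the original article and not Facebook's code): parse a fetched page's Open Graph tags and compare the host in 'og:url' with the host the page was actually fetched from. The function names, verdict strings and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class OpenGraphParser(HTMLParser):
    """Collect <meta property="og:*" content="..."> values from a page."""

    def __init__(self):
        super().__init__()
        self.tags = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = dict(attrs)
        prop = (attr.get("property") or "").lower()
        if prop.startswith("og:") and attr.get("content"):
            # Keep the first occurrence of each property.
            self.tags.setdefault(prop, attr["content"].strip())


def host_of(url):
    """Lower-cased hostname without a leading 'www.', or '' if absent."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def check_preview(fetched_url, html):
    """Return (verdict, og_url) for a page that was fetched from fetched_url."""
    parser = OpenGraphParser()
    parser.feed(html)
    og_url = parser.tags.get("og:url")
    if og_url is None:
        return ("no-og-url", None)
    og_url = urljoin(fetched_url, og_url)  # resolve a relative og:url
    if host_of(og_url) != host_of(fetched_url):
        return ("spoofed-host", og_url)  # preview would show a host the page is not on
    return ("consistent", og_url)


# Constructed sample: a page on one host whose og:url claims to be YouTube.
SAMPLE = """<html><head>
<meta property="og:title" content="Funny cat video">
<meta property="og:url" content="https://www.youtube.com/watch?v=PLACEHOLDER">
<meta property="og:image" content="https://example.test/thumb.jpg">
</head><body></body></html>"""

if __name__ == "__main__":
    print(check_preview("https://landing.example.test/page", SAMPLE))
    print(check_preview("https://youtube.com/watch?v=PLACEHOLDER", SAMPLE))
```

A preview renderer that gets "spoofed-host" can fall back to displaying the host it actually fetched instead of the one the page claims.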

"In my opinion, all Facebook users think that preview data shown by Facebook is reliable, and will click the links they are interested in, which makes them easily targeted by attackers that abuse this feature in order to perform several types of attacks, including phishing campaigns/ads/click fraud pay-per-click," Tawily told The Hacker News.

Tawily reported the issue to Facebook, but the social media giant refused to recognise it as a security flaw and said that Facebook uses "Linkshim" to protect against such attacks.

If you are unaware, every time a link is clicked on Facebook, a system called "Linkshim" checks that URL against the company's own blacklist of malicious links to avoid phishing and malicious websites.

This means that if an attacker is using a new domain for generating spoofed links, it would not be easy for the Linkshim system to identify whether it is malicious.

Although Linkshim also uses machine learning to identify never-seen-before malicious pages by scanning their content, Tawily found that the protection mechanism could be bypassed by serving non-malicious content explicitly to the Facebook bot based on User-Agent or IP address.

Tawily has also provided a demo video to show the attack in action. You can watch the video above.

Since there is no way to check the actual URL behind a shared link on Facebook without opening it, there is little a user can do to protect themselves except stay vigilant.