Facebook’s open source library has grown to 9.9M lines of code

Facebook loves to share how much it likes open source, and the social network has followed through on that note with a status update on its activities this year.

Here’s a rundown, by the numbers:

• Launched 63 new projects since January 2014
Total active Github portfolio stands at exactly 

• 200 for projects spread across Facebook, Instagram and Parse

• Facebook’s open source projects have seen 13,000 total commits, an increase of 45 percent from the second half of 2013.

• Projects collectively have netted 20,000 forks and 95,000 followers.

• Facebook’s total open source library stands at approximately 9.9 million lines of code.

The Menlo Park, Calif.-based company highlighted a number of its more popular projects in a blog post on Friday, putting user interface Javascript library React and iOS/OS X animation engine Pop in the spotlight.

The latter has played a large role in a pair of other Facebook projects with which end users might be more familiar.

That would be the first two projects rolled out from Facebook’s Creative Labs department: digital news reader app Paper and Snapchat-competitor Slingshot.

Facebook engineers revealed Pop “spawned a host of extensions and integrations, including the iOS version of our very own Slingshot.” Pop has also grown to become Facebook’s second most popular open source project ever.

Looking forward, Facebook is following through on some of the products it unveiled to developers at F8 in San Francisco back in April. One product making its way out the door today in beta access is Display Node, Facebook’s open source asynchronous UI framework.

Source: ZD Net

Skype Twitter Account Hacked, Group Posts Anti-Microsoft Sentiments

It looks like 2014 is off to a series of hacks, with our report earlier claiming that Snapchat was hacked, compromising some 4.6 million user names and phone numbers in the process, and now it looks like Microsoft’s Skype Twitter and Facebook accounts have been hacked by the Syrian Electronic Army, who have in the past successfully hacked Twitter, The Financial Times, and The Washington Post just to name a few. The group took the opportunity to tweet out some anti-Microsoft sentiments, and advised the followers to stop using Microsoft’s services due to monitoring, which we can only assume has to be related to the recent bout of accusations leveled at the NSA.

According to the tweet, “Don’t use Microsoft emails(hotmail,outlook), they are monitoring your accounts and selling the data to the governments. More details soon #SEA.” The tweets have since been deleted which we can only assume means that Microsoft has managed to regain control of their accounts. Thankfully unlike the Snapchat hack, this was only the hack of Microsoft’s Twitter and Facebook pages, meaning that as far as user information is concerned, it appears to be still intact. Microsoft has yet to respond to the hack.

Source: Ubergizmo

Logins stolen from Facebook, Google, ADP payroll processor

Two million logins and passwords from services such as Facebook, Google and Twitter have been found on a Netherlands-based server, part of a large botnet using controller software nicknamed “Pony.”

Another company whose users’ login credentials showed up on the server was ADP, which specializes in payroll and human resources software, wrote Daniel Chechik, a security researcher with Trustwave’s SpiderLabs.

It’s expected that cybercriminals will go after main online services, but “payroll services accounts could actually have direct financial repercussions,” he wrote.

ADP moved US$1.4 trillion in fiscal 2013 within the U.S., paying one in six workers in the country, according to its website.

Facebook had the most stolen credentials, at 318,121, followed by Yahoo at 59,549 and Google at 54,437. Other companies whose login credentials showed up on the command-and-control server included LinkedIn and two Russian social networking services, VKontakte and Odnoklassniki. The botnet also stole thousands of FTP, remote desktop and secure shell account details.

It wasn’t clear what kind of malware infected victims’ computers and sent the information to the command-and-control server.

Trustwave found the credentials after gaining access to an administrator control panel for the botnet. The source code for the control panel software, called “Pony,” was leaked at some point, Chechik wrote.

The server storing the credentials received the information from a single IP address in the Netherlands, which suggests the attackers are using a gateway or reverse proxy in between infected computers and the command-and-control server, he wrote.

“This technique of using a reverse proxy is commonly used by attackers in order to prevent the command-and-control server from being discovered and shut down — outgoing traffic from an infected machine only shows a connection to the proxy server, which is easily replaceable in case it is taken down,” Chechik wrote.

Information on the server indicated the captured login credentials may have come from as many as 102 countries, “indicating that the attack is fairly global,” he wrote.

Source: Network World

BlackBerry Met With Facebook Last Week on Potential Bid

Via: WSJ BlackBerry Ltd. executives flew to California to meet with Facebook Inc. last week to gauge its interest in a potential bid for the struggling smartphone-maker, according to people familiar with the matter.

It remains unclear whether Facebook is interested in placing a bid. Spokesmen for both companies declined to comment.

Last month BlackBerry struck a preliminary deal to go private with Canadian insurer Fairfax Financial Holdings Ltd. for $4.7 billion, or $9 a share. The due diligence period for that deal ends next week, but BlackBerry and its advisers remain open to interest from other potential bidders. The deadline for other bids is Monday.

BlackBerry does have other players circling. Earlier this month The Wall Street Journal reported that Chinese computer giant Lenovo Group Ltd. was interested in a possible bid. And BlackBerry has signed a nondisclosure agreement with distressed asset specialists Cerberus Captial Management LP, people familiar with the matter have said.

BlackBerry’s co-founders, Mike Lazaridis and Doug Fregin are also weighing a bid, according to a Securities and Exchange Commission filing earlier this month.

Source: WSJ

Now anyone can find you on Facebook

The social network kills off a privacy setting that allowed members to prevent themselves from appearing in search results. Users can still block individual users from seeing their profiles in search.

It may have been a long time coming, but those hidden in plain sight on Facebook are in for a rude awakening in the weeks ahead.

The social network said Thursday that it is, as promised 10 months ago, killing off a privacy setting that allowed members to prevent themselves from appearing in search results. Facebook first put the setting, called “Who can look up your Timeline by name?,” on life support in December of last year, removing it for people who weren’t using it. Now, it’s ready to finish off the job.

Simply put, the setting let people hide their Timelines — aka profiles — from public view. Members could use it to control if they could be found, and by whom, when other people typed their name into the Facebook search bar.

“For the small percentage of people still using the setting, they will see reminders about it being removed in the coming weeks,” Facebook announced in a blog post on the change. “Whether you’ve been using the setting or not, the best way to control what people can find about you on Facebook is to choose who can see the individual things you share.”

Facebook tells the remaining members using a Timeline privacy setting that it has better ways for them to manage their privacy on the social network.
Facebook

The change is bound to cause some confusion, if not stir up strong emotions. Privacy and Facebook have always had a complicated relationship, and now it’s as if the company is decreeing: if you’re a member, you can be found, and what people find on your Timeline is entirely up to you.

For its part, Facebook will remind people with an on-site notice that when they post something publicly, the post can be seen by anyone, including people they may not know. It should also be noted that Timelines will not be visible to people you’ve blocked.

Facebook’s argument in eliminating the setting is that it gave people a false sense of security. “Our concern, quite frankly, is that people think it provides a level of security, but it actually doesn’t,” Nicky Jackson Colaco, a member of the Facebook Privacy team, said in an interview with CNET in December.

The social network contends that the setting never prevented people from finding Timelines in other ways such as clicking on a name in a status update. Another plausible motivation behind the change is improving the quality of the people results in Graph Search, Facebook’s nascent natural language search engine.

The extra-long warning or the seemingly rational explanation may do little to temper the concerns of those who have clung to the last bit of anonymity they have left on the social network. But ready or not, Facebook search here you come.

Source: cnet.com

How Facebook Hashtags Impact Your Privacy

Facebook users: Get ready to see a lot more of the hashtag in your News Feed.

The social network announced that it is rolling out the popular feature to users over the next few weeks.

Hashtags, made famous by microblogging site Twitter and used on a number of other social sites such as Instagram, Pinterest and Tumblr, turn topics and phrases into clickable links on your personal timeline or your Page. They also make your post searchable.

“To date, there has not been a simple way to see the larger view of what’s happening or what people are talking about,” says Greg Lindley, product manager at Facebook. Hashtags, he says, will help bring more conversations to the forefront.

According to Facebook, hashtags will appear blue and will redirect to a search page with other posts that include the same hashtag.

As part of the rollout, Facebook says you will also be able to click hashtags that originated on other services, such as Instagram, which is owned by Facebook. It also plans to roll out additional features, including trending hashtags, in the near future, it says.

While hashtags are widely used on other sites, there are a couple of things you need to know about the new feature and how it does and doesn’t affect your Facebook privacy.

First, adding a hashtag does not affect the privacy of your post. If your privacy settings are set to Friends, for example, only your friends can view it. Similarly, if your friends search for a hashtag that you’ve used in the past, your post will appear only to them-and no one else-in search results, Facebook says.

“As always, you control the audience for your posts, including those with hashtags,” Lindley says.

Second, if you use a hashtag in a post you publish and you want it to be searchable to everyone, remember that your most-recent privacy setting is the one Facebook will default to for subsequent posts, unless you change it back.

For example, say your privacy settings are “Friends Only” You decide to change the privacy setting for one particular post to “Public.” Your subsequent posts will be public unless you change it back to “Friends Only.”

Source: Network World

Facebook Hacked, Claims “No Evidence of User Data Compromised”

Facebook announced on Friday that it had been the target of a series of attacks from an unidentified hacker group, which resulted in the installation of malicious software onto Facebook employee laptops.

“Last month, Facebook security discovered that our systems had been targeted in a sophisticated attack,” the company said in a blog post. “The attack occurred when a handful of employees visited a mobile developer website that was compromised.”

Facebook says that these employees then had malware installed on their laptops as a result of their visiting the web site. The hack used what is called a “zero-day Java exploit,” a known vulnerability in Oracle’s software which has gained much attention in recent months. Essentially, anyone visiting a website using this attack who also has Oracle’s Java enabled in their browser was vulnerable. As a result, hackers inserted malware onto the laptops of multiple Facebook employees.

“As soon as we discovered the presence of malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day,” the post read.

In the company’s post, Facebook notes that it had “found no evidence that Facebook user data was compromised.”

Facebook did not say what the hackers did have access to, however, after the installation of said malware.

Facebook’s announcement comes on the heels of a string of recent attacks on other major Web sites. Twitter, the microblogging social network that hosts more than 200 million active users on its service, announced it had been hacked two weeks ago, and that upwards of 250,000 user accounts may have been compromised as a result.

Other targets have included the Washington Post, The New York Times and the Wall Street Journal, all of which have said they believe that the Chinese government was somehow involved in their system infiltration.

But both Facebook and Twitter, in their respective blog posts, make no direct comparison or accusation to the hacks made on the Times, the Journal or the Post.

Facebook declined to comment when asked if the company suspected the Chinese government was involved.

Something to note, however; Facebook directly points to the zero-day exploit, which takes advantage of Oracle’s Java vulnerability, as the root cause of the attack. While Twitter did not detail the exact methods of how its systems were infiltrated, Twitter director of information security Bob Lord reminded users that security experts strongly recommend turning off the problematic Java inside of their browsers.

That could suggest that the two attacks were connected, though neither company says as much outright. But both Facebook and Twitter included language in their posts that their respective companies were part of a larger series of attacks on multiple companies over the past few months.

“Facebook was not alone in the attack. It is clear that others were attacked and infiltrated recently as well,” the company’s post says.

Twitter did not immediately respond to a request for comment.

The string of hacks also come as U.S. President Barack Obama recently released an executive cybersecurity order during his State of the Union address earlier this week, which would better allow government agencies to share information related to cyber-espionage and attacks within the private sector, while avoiding many of the unpopular concessions that the previously proposed CISPA made.

For now, however, Facebook will continue its investigation with law enforcement, as well as pursue its own “informal” cooperative investigation with others in the space.

“As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.”

Source: All Things D

The Botnet That Stole 16,000 Facebook Logins

Malware managed to pilfer over 16,000 Facebook credentials in 2012, as well as credit card information linked to user accounts, it was revealed today.

The PokerAgent botnet was in control of 800 systems, as it sought to harvest information on Facebook users running the Zynga Poker app. The botnet was most active in Israel, security company ESET said, revealing the findings today, having worked with police in the country and with Facebook to kill the threat.

Infected users did not have their own Facebook accounts hacked. Their systems were instead used to carry out nefarious activities on other user accounts for which the attackers had acquired details, as the hackers sought to cover their tracks. Those systems carrying the malware were also used to propagate and grow the botnet.

“Facebook was notified and has responded promptly by forcing password resets for all known victims,” Robert Lipovský, ESET malware researcher, told TechWeekEurope.

“We only know that the attacker had at least 16,194 unique entries in his database of stolen logins. On the one hand, there may have been more, on the other, not all of these were valid – so that number is just a rough estimate.”

ESET had no information on how much money was stolen.

The Trojan was programmed to log into Facebook accounts and collect information on Zynga Poker stats for the given Facebook ID and the number of payment methods saved in the Facebook account.

PokerAgent was only interested in gathering gender information, points and rank from poker players. It is unclear what the attackers were doing with the harvested data, but ESET suggested they were amassing databases for future attempts to steal user identities and funds.

“The code suggests that the attacker seeks out Facebook users who have something of value, worth stealing – determined by the Poker stats and credit card details saved in their Facebook account,” Lipovský wrote in a blog post. “Later, the attacker can simply abuse the credit card information themselves or they may sell the database to other criminals.”

The malware was also ordered to publish links on the infected Facebook user’s wall. Those links would lead visitors to a fake Facebook login site, where their details would also be phished.

But Facebook users should not have to worry about this threat today. ESET said the malware author seemed to have ceased actively spreading the Trojan mid-February 2012. Efforts from ESET, Israel’s Computer Emergency Response Team (CERT) and law enforcement could well have been the catalyst for the demise of PokerAgent.

ESET noted that two-factor authentication would have prevented the malware from logging into Facebook accounts.

Source: TechWeekEurope

How Your Facebook Privacy Settings Impact Graph Search

After much buzz and anticipation over its “top-secret” announcement, Facebook revealed a new search capability called Facebook Graph Search.

The feature, which is currently available in a limited beta release, lets you search for friends, photos, restaurants, games, music and more. Results that Facebook returns will depend on your friends’ privacy settings and the privacy settings of people you’re not connected to.

Graph Search is available only in English and if you want to sign up for the waitlist for Graph Search, visit facebook.com/graphsearch.

“When Facebook first launched, the main way most people used the site was to browse around, learn about people and make new connections,” writes Tom Stocky, director of product management and Lars Rasmussen, director of engineering, in a press release. “Graph Search takes us back to our roots and allows people to use the graph to make new connections.”

Graph Search will appear as a bigger search bar at the top of each page. At today’s press conference, Facebook CEO Mark Zuckerberg made a point of explaining the difference between traditional Web search and Graph Search; the two are very different, he says.

According to Facebook, Web search is designed to take a set of keywords and provide the best possible results that match those keywords. Graph Search, the company says, lets you combine phrases-such as “movies my friends like”-to find that set of people, places, photos or other content that’s been shared on Facebook.

Another difference: every piece of content on Facebook has its own audience, and Facebook has built Graph Search with that privacy in mind, it says. “It makes finding new things much easier, but you can only see what you could already view elsewhere on Facebook,” Rasmussen and Stocky write in the press release.

Eden Zoller, principal analyst at technology consultancy Ovum, says that while Facebook may stress its commitment to privacy, it’s walking a thin line. “Facebook needs tread very carefully here and be mindful of user privacy,” she says. “It claims to have built Graph Search with privacy in mind, but Facebook has a mixed track record on this front and is in the habit of pushing privacy to the limits of what is acceptable.”

Your ‘About Me’ Privacy Settings

Graph Search lets others find you based on what you’ve shared with your various friend groups, including your interests and profile information. This means that if you share your location, relationship status and political beliefs with your college friends, but not your Limited Profile list, only your college friends will see that information in their search results.

To control who can see your current city, for example, you’ll need to edit that setting in the About tab on your timeline. Do this by navigating to your profile, clicking the About link that appears under your profile picture and summary, and clicking Edit next to Living section.

Your Photos Privacy Settings

The second group of privacy settings you should review is for your photos. Graph Search lets others search specifically for photos of you, including photos hidden from timeline. Your photos that appear in others’ searches depend on your privacy settings.

Start by reviewing the photos you’ve shared or have been tagged in. You can do this via your Activity Log. Find this button below your cover photo on the right side of your profile.

The Activity Log will display all of your actions on Facebook, and you can sort it specifically for photos by clicking the Photos link on the left-side navigation. Click the drop-down menu next to the pencil icon to preview or change the settings of individual pictures.

Because photos you’ve hidden from your timeline are still searchable, you’ll want to review these, too. Click the drop-down menu next to “On timeline” at the top to switch to a hidden-only view.

You can also change the privacy settings of your individual albums. Do this by navigating to your Albums page and clicking the icon that appears below each your albums. Note that some albums, such as your profile pictures and mobile uploads, may not have the option to set a blanket setting. You’ll need to review and change the setting of each picture individually.

Your ‘Places’ Privacy Settings

If you’ve checked-in to a location such as a restaurant or museum, or tagged a photo with a location, each of these could appear in Graph Search results, depending on your settings.

To review your tag history-which includes photo tags among location tags-navigate to your Activity Log and sort it by “Posts you’re tagged in.” To remove a tag or change a location, click the pencil icon.

Note that if you added a location tag to a photo, the photo’s privacy setting is also your location setting.

Source: Network World

Infographic Reveals Users Average Amount of Time Spent on Social Networks Each Month

The law firm Morrison and Foerster’s Socially Aware Blog have managed to gather the relevant data on how much time one spends on Facebook, Twitter, Google+ and other social networking websites.

Google+ gets about 100 million active users per month, while Facebook comes in at an impression 1 billion. This data has been translated into how many hours these networks are used.

It seems that the average user on a monthly basis spends close to 7 hours on Facebook, and a rather meager 3 minutes on Google+. Interestingly though it seems that their data has revealed that on average users spend only 21 minutes a month on Twitter.

Source: Ubergizmo