Subtitle: Facebook, your security still sucks.
So last night I get this email:
Who the hell is Billy Bowman? And why is he using my email address? And in rapid succession I receive:
So I say WTF? And *I* am able to log in to this account “with my Hotmail credentials” and change the password on this account. I see that Billy is in a chat telling some girl he is 14 years old. (I concurrently change my Hotmail password just in case, but this kid is NOT accessing my email).
Then I deactivate the account because I can’t switch the email address.
So even though I’ve changed the password on the account in question, Billy is able to reactivate it.
So now, I log in to the Billy account and change the primary email address to the other address the kid has listed. I remove my email address from the Billy account.
So FB sends me a message…
And Billy tries to add it back
So I log in to the Billy account to ensure the address is gone and log into my own account and quickly add that email address to my own Facebook account. And Facebook warns Billy that someone may have accessed his account and sends ME the email notification.
So Billy tries to change the password on his account. I’m ignoring these requests.
A few days ago, I started receiving all kinds of strange notifications and friend requests in an account that I don’t use for Facebook. I started getting concerned because of the volume of requests. I wasn’t sure if this was a phishing scam or malware, but I was getting annoyed at the number of pieces of mail being generated. The owner had signed up as Why-do U-Care. The name alone made me wonder what kind of scam was about to happen.
Of course each of these had a link to whatever I was being notified about. So, first in a VM to be safer, I clicked one of the links (the source of the email message actually was a legit Facebook non spoofed header, but just to be safe…) and without any trouble at all, I was able to reset the password to this phantom account.
Here is the password change email I received.
Now how this person signed up with one of my email addresses and was able to use the account for a few days without verifying that email address is troublesome indeed.
Anyway, I reset the password and logged in to the account to ensure that there wasn’t anything else going on that impacted me. This is some guy in California. A really stupid one to boot.
Next I got a throw away email address elsewhere and added it to the account, verified it, then set it as primary and removed my own misused email address. I changed the account name to DoNot Use. I then attached the email address that *I* own to a different Facebook account that *I* own as a secondary address. (Not my main account). Verified it, etc.
I then went into the Why-do U-Care, now DoNot Use, account with the throw away account login and scheduled it for deletion.
I am now getting about six of the following an hour from Facebook that look like:
Each time I click the button saying I didn’t initiate this choice. This joker keeps trying to claim MY email address.
Facebook has a problem, and there is a person out there that needs psychiatric help and needs to be restrained from using the Internet (or at least who needs to understand he just can’t make up any old email address).
Seriously, Facebook allowed me to access this account just by initiating a password reset because I happen to own the email address this stupid person used. There is a security issue here, and this person should have never been allowed to use the account without acknowledging an email sent TO the email address he was trying to use. If anyone knows anyone at Facebook, please relay.
For a very long time, it seemed as though every site I visited with IE9 created an annoying prompt about secure content and encouraged me to show all content. I’ve seen fixes that involve lowering your security etc., but never thought THAT was worth the risk. I had an “Ah HA!” moment while troubleshooting a similar annoyance with a WordPress plugin. It turns out that this issue occurs if you are logged into Facebook using https (and you should be using https) and have elected to always stay logged in, since nearly every site in the world has a Facebook Like button or some tie-in to Facebook.
My solution? (Edited 8/9/2011) Stay logged into Facebook with Firefox, but NOT with IE. And strictly use Firefox for Facebook. (And note that this warning does not happen when I use Firefox to browse other sites while still logged into Facebook because Firefox is displaying mixed content by default.) Microsoft has other solutions posted, but they involve allowing mixed content to kill the prompt, or not allowing it ever (which kills the prompt) and even adding Facebook’s https site to the trusted zone. I prefer to use IE for financial sites and keep prompts and elect to only display secure content. And I am not by any means advocating dumping IE9.
I’m almost always running at least two browsers, but I just had not figured out what was causing IE to behave this way. There may be similar situations with other Facebook type sites or plugins, but with Facebook being by far the most widespread, my solution solves 99% of the problem for me. Now I know, and if you didn’t know this before, I hope this is helpful.
This FREE app in the iTunes store is a keeper. Most of the other iPad apps for Twitter and Facebook are light years behind in readability when compared to this iPad app that just hit today.
Your newsfeeds, tweets, et al are displayed in a magazine type layout that is easy to read and stunning to boot.
I can see why the Flipboard servers are busy busy busy. Every iPad user on the planet must be trying to set this little gem up simultaneously. Be patient. It’s worth it.
Start page for Flipboard. You can add your own content!
Twitter post displayed in landscape format. Really gorgeous!