I have blogged about facebook spam app before. Quite some time has passed without me noticing anything other stupid spam in my feed, but recently I've been seeing quite a lot of activity from one particular app which tags a lot of people in a naughty picture which appears to be a video.
So if you were tagged in a stupid spammy picture recently read on to see how your perverted friends got fooled. (And fix your privacy settings - you share part of the blame too)
The picture appears to be a youtube clip, and the thumbnail signals the viewer that they might get to see something, y'all know...
The hapless pervert clicks on it, and off we go this page (http://tbszam.ap01.aws.af.cm/?52533520?cid=51b0144660dd6/?cid=51b0144660dd6)
(Ok now I should not have been so judgmental earlier, the words here seem fine :P )
Once again the player is just a picture. It looks like a flash player, but it isn't. Now your friend has clicks on the play button, again..
A tiny new window opens, and the original page is updated with instructions to copy the URL from the other window, and then comes the shocker,
Its freaking asking you to paste the URL - ctrl + C and ctrl + V, goodness great, and people still do it??? (Two of my friends did - I'm never going to trust them with anything on the internet, ever)
What just happened was - they just granted the app the permission to tag their friends - just by proving that they are, human (no, I disagree, they are monkeys).
Here is the URL they pasted view-source:https://www.facebook.com/login.php?api_key=139682082719810&skip_api_login=1&display=popup&cancel_url=http%3A%2F%2Fm.facebook.com%253Fsdk%253Dios%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&fbconnect=1&next=https://m.facebook.com/%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D139682082719810%26client_id%3D139682082719810%26redirect_uri%3Dhttps://www.facebook.com/connect/login_success.html?display%3Dpopup%26type%3Duser_agent%26perms%3Doffline_access%26fbconnect%3D1%26from_login%3D1%26rcount%3D1&rcount=2
You can find -
the app's API key - 139682082719810,
skip_api_login=1
In the &next= you can see the facebook URL for requesting permission.
If you want to see what's going on under the hood please go on to part 2.
So if you were tagged in a stupid spammy picture recently read on to see how your perverted friends got fooled. (And fix your privacy settings - you share part of the blame too)
The hapless pervert clicks on it, and off we go this page (http://tbszam.ap01.aws.af.cm/?52533520?cid=51b0144660dd6/?cid=51b0144660dd6)
Once again the player is just a picture. It looks like a flash player, but it isn't. Now your friend has clicks on the play button, again..
A tiny new window opens, and the original page is updated with instructions to copy the URL from the other window, and then comes the shocker,
Its freaking asking you to paste the URL - ctrl + C and ctrl + V, goodness great, and people still do it??? (Two of my friends did - I'm never going to trust them with anything on the internet, ever)
What just happened was - they just granted the app the permission to tag their friends - just by proving that they are, human (no, I disagree, they are monkeys).
Here is the URL they pasted view-source:https://www.facebook.com/login.php?api_key=139682082719810&skip_api_login=1&display=popup&cancel_url=http%3A%2F%2Fm.facebook.com%253Fsdk%253Dios%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&fbconnect=1&next=https://m.facebook.com/%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D139682082719810%26client_id%3D139682082719810%26redirect_uri%3Dhttps://www.facebook.com/connect/login_success.html?display%3Dpopup%26type%3Duser_agent%26perms%3Doffline_access%26fbconnect%3D1%26from_login%3D1%26rcount%3D1&rcount=2
You can find -
the app's API key - 139682082719810,
skip_api_login=1
In the &next= you can see the facebook URL for requesting permission.
If you want to see what's going on under the hood please go on to part 2.
