Announcement Announcement Module
Collapse
No announcement yet.
Facebook phishing problem Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Facebook phishing problem

    First of all, sorry my english is very bad.

    I have a problem with facebook

    I have a web app that ask user to register with facebook or twitter or some other social network.

    When the user is authentified is used token for publish picture with their facebook account.

    During one week no problème but after when i would like publish a picture in their wall i have a facebook message like this : " The authorization has been revoked. Reason: Error validating access token: The session has been invalidated because the user has changed the password." But the user don't have change her password.

    And when the user would like to go in facebook. he have a message like someone tried to access your account ... it looks like phishing

    I have change my facebook application setting :

    Server IP Whitelist: my server ip .

    And no change.

    Somebody know what can i do, to don't have this message of phishing. What i do wrong ?

    I have already ask for help in stackoverflow in this thread :

    http://stackoverflow.com/questions/1...-like-phishing

    but no help.

    I someone have informations thank for reply.

  • #2
    Firstly, just so that I know...is your application built using Spring Social? If so, is there any chance that the client ID/secret pair that you're using has leaked out to someone else? Or, by chance, are you using the same client ID/secret pair that comes with one of the Spring Social sample projects?

    The reason I ask this is because I've recently received several phishing emails from people who I'm friends with on Facebook. Aside from the Spring Social samples and only a handful of reputable (and I'd think trustworthy) apps, I have no idea how the scammer got a list of my friends on Facebook. But the Spring Social Sample applications have their ID/secret pair in the application.properties file, so...if anyone were to gain access to those, there's a chance that they could use them for ill purposes.

    This is leading me to the decision to remove those credentials from the samples and force everyone to obtain their own application credentials for the samples. (One phishing scam ruins it for the rest of us.)

    Comment


    • #3
      Thanks for quick reply.

      => Firstly, just so that I know...is your application built using Spring Social?
      Yes

      => If so, is there any chance that the client ID/secret pair that you're using has leaked out to someone else?
      Nobody have access to my account so i don't think.

      Or, by chance, are you using the same client ID/secret pair that comes with one of the Spring Social sample projects?
      No i have my own application, with my account

      But my web app display a like button link to a facebook page.
      And when the user don't click to this button no phishing alert are detected and the token are good for make request.

      So i found this, i d'ont know if they are usefull for someone else.

      Comment


      • #4
        that seems to be a serious issue. Not only this app, almost all the free apps(paid ones too?) access all our data. As we are installing many many apps everyday, we just skip the terms and conditions or privacy policy part. Something we'll have to see everytime.

        Comment


        • #5
          I need to know how to keep my pictures from being downloaded by others on facebook.

          Comment


          • #6
            Originally posted by CarolJ View Post
            I need to know how to keep my pictures from being downloaded by others on facebook.
            you can change the privacy policy , and allow only you friends to view your profile , in this manner you can avoid unknown people from downloading you pictures.

            as far as i know people in your friend list will have access to download your pictures, there is nothing you can do about it.

            _______________
            India Tour | Event Management Companies in Delhi | Canada Immigration

            Comment


            • #7
              Although the last couple of messages in this thread appear to be real questions, they also have the appearance of cleverly disguised spam. In any event, they don't directly relate to the subject of Spring Social.

              For now I'm leaving those posts in place, although I may decide to delete them as spam at some point in the future. In the meantime, since this thread has become a frequently spammed thread, I'm closing the thread to new comments. If anyone wants to have a *serious* discussion on the subject without promoting their product or service, then you are free to open a new thread.

              Comment

              Working...
              X