Researchers at the Foundation for Research and Technology in Heraklion, Greece (that hotbed of Facebook research) have built a small Facebook application that mounts a DDoS attack against a website of their choosing. The application masquerades as a “picture of the day” app and shows an image from National Geographic. When someone clicks on it, however, it also makes a request to the victim’s website; across enough users that adds up to about 248 gigabytes of unwanted traffic pulled from the target a day, enough to essentially shut down the server.
Obviously this application needs a perfect storm to be useful: you need a target, and you need an application popular enough to attract many installs. While one or two clicks won’t take down a site, the entire population of Facebook clicking on something definitely could.
The researchers describe the application in a detailed paper [PDF] and, by extrapolation, estimate how hard they could hit a target server if the application were as popular as Super Wall or Bumper Sticker. They also recommend shoring up Facebook’s API to prevent this sort of mischief in the future.
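The traffic shape this kind of app leaves on the victim is distinctive: one large resource fetched by many unrelated client addresses whose browsers all arrive from the same third-party page. The following Python is an added example, not code from the article or from the researchers’ paper, showing how a site operator could spot that pattern in an ordinary access log and refuse to serve large media to third-party embeds. The log lines, the hostnames (`www.victim.example`, `apps.social.example`, `blog.example.net`), the thresholds and the `/media/` prefix are all constructed for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access log in Apache/Nginx "combined" format. These lines are made up
# for this example; they come neither from the article nor from the paper it reports on.
# Shape: a few organic requests, then one large image fetched by many distinct client
# addresses (TEST-NET-3 range) that all carry the same third-party page as Referer.
_APP_PAGE = "https://apps.social.example/picture-of-the-day"  # hypothetical third-party page
_ORGANIC = [
    '198.51.100.7 - - [10/Jan/2008:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [10/Jan/2008:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 2210 "https://www.victim.example/index.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2008:10:00:09 +0000] "GET /media/hires-photo.jpg HTTP/1.1" 200 5000000 "https://blog.example.net/post/42" "Mozilla/5.0"',
]
_AMPLIFIED = [
    f'203.0.113.{i} - - [10/Jan/2008:10:01:{i:02d} +0000] "GET /media/hires-photo.jpg HTTP/1.1" 200 5000000 "{_APP_PAGE}" "Mozilla/5.0"'
    for i in range(1, 13)
]
SAMPLE_LOG = _ORGANIC + _AMPLIFIED

# Combined log format: ip ident user [timestamp] "method path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def referer_host(referer):
    """Hostname of the Referer, or None for direct navigations ("-" or empty)."""
    if referer in ("", "-"):
        return None
    return urlsplit(referer).hostname


def summarize_by_referer(lines):
    """Per referring host: distinct client IPs, total bytes served, and bytes per path."""
    stats = defaultdict(lambda: {"ips": set(), "bytes": 0, "paths": defaultdict(int)})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = stats[referer_host(rec["referer"])]
        s["ips"].add(rec["ip"])
        s["bytes"] += rec["size"]
        s["paths"][rec["path"]] += rec["size"]
    return stats


def flag_hotlink_referers(lines, own_hosts, min_distinct_ips=10, min_bytes=10_000_000):
    """Return (host, distinct_ips, total_bytes, heaviest_path) for every third-party
    referer that drives at least min_distinct_ips clients and min_bytes of traffic.
    Our own hosts and direct hits are never flagged. Thresholds are illustrative."""
    flagged = []
    for host, s in summarize_by_referer(lines).items():
        if host is None or host in own_hosts:
            continue
        if len(s["ips"]) >= min_distinct_ips and s["bytes"] >= min_bytes:
            top_path = max(s["paths"], key=s["paths"].get)
            flagged.append((host, len(s["ips"]), s["bytes"], top_path))
    return sorted(flagged, key=lambda f: f[2], reverse=True)


LARGE_MEDIA_PREFIX = "/media/"  # constructed: where this site keeps its heavy assets


def allow_media_request(path, referer, own_hosts):
    """Hotlink-protection rule: serve large media only on a direct navigation (no Referer)
    or when the referring page is one of our own. Third-party embeds get refused."""
    if not path.startswith(LARGE_MEDIA_PREFIX):
        return True
    host = referer_host(referer)
    return host is None or host in own_hosts


if __name__ == "__main__":
    for host, ips, total, path in flag_hotlink_referers(SAMPLE_LOG, {"www.victim.example"}):
        print(f"{host}: {ips} distinct clients, {total} bytes, mostly {path}")
```

Both halves are heuristics rather than guarantees. Browsers do not always send a Referer, so the log summary can under-count an embed, and the serving rule will also refuse legitimate hotlinks from friendly sites unless those hosts are added to the allow-list. Serving heavy assets through a cache or CDN, as one commenter below notes Facebook itself does for profile boxes, blunts the same traffic at lower cost than inspecting every request on the origin.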
I am Mike Arrington, all your cookies belong to me.
Great application! I wish I thought of it.
picture of the day has become useless app of the day
nice site
Have to be careful with the facebook Apps!
meh.
This is an interesting way to consume bandwidth, but an app as simple as this just won’t have the user base of a Fun Wall or Top Friends. Besides, Facebook caches the images on a profile box. Only the profile application tab – which a user has to manually add – pulls live data. Given poor performance of the profile tab and “boxes” tab – that perfect storm just isn’t going to happen.
Queue up, big dump on the way!
Great piece of reporting here (for once.) This is the first instance I’ve heard of someone trying to use the resources (API, bandwidth) and community of large social media applications to achieve acts of maliciousness. I wonder how Facebook would respond to a lawsuit from a third party who was affected by such a malicious attack carried about by an app running on the F8 platform.
This is Spartaaa!!!
Give me the code…
Is it that someone is using the -eve publicity to actually get in the limelight…
Nice news!
Obviously any popular website could use the same approach to attack other sites. Maybe they should update their “what if” scenario to describe the horrific things that would happen if Google updated their search page to funnel attacks on Joe Blow’s website. Oh the horror.
I suppose the theory is that FB’s platform lowers the bar for non-professionals creating webpages that reach millions of users, but the reality is that only a few apps gain that reach, and any app that can get there should be working to monetize it, not wasting time on mischief.
Word.
“Don’t be too proud of this technological terror you’ve constructed. The ability to destroy a website is insignificant next to the power of the Forc…. oh, crap! Luke hacked the Death Star’s power servers again. Damn you, puny water farmer from a god-forsaken place. May your midi-chlorians turn you gay!”
This isn’t shocking. The same could be said for anyone running any website. Anyone who runs ad networks on their sites, puts widgets onto their blogs, or subscribes to html-formatted emails could be involved with a similar situation (notice I didn’t say victimized).
Move along everyone, nothing to see here.
CG
this is what happens when you don’t respond to their email
This is a simplistic version. It’s a “proof of concept” test.
The real bad guys have probably already taken this idea and are working very hard on introducing new ways of using the concept of sending a request to a site and possibly watching the overflow in some way to gather info.
http://afewtips.com
Hi all!
I checked out the paper and the applications. It sounds cool!!
Try it out (http://www.new....p?id=8752912084)
Wow, that’s really clever.
That’s pretty insane. Sounds like it’s gonna be a new technique for terrorists.
I think the point to take home is that whenever you are developing an application with such reach, you have to consider as many negative scenarios as possible, and be ready to deal with them quickly. I am interested to see what measures Facebook will put in place to combat this.
Facebook is nice but we prefer Friendster and Myspace
Those paid social network such as Yuwie and Frenzone are crap. They are not usual friendly
Beware of Greeks bearing apps