We integrate with many different external blacklists including Norton and when there’s a block on their service we provide a warning to our users. We only use our external blacklist system to protect our users and would never use it to reduce traffic for competitive reasons.

ORIGINAL ARTICLE: Is Facebook purposefully scaring users with questionable security alerts in order to cut traffic to Google+?

That’s the story coming from some Google+ users. They claim that when clicked, certain links to Google+ that appear on Facebook are displaying a frightening warning message to its users – “Security Alert: This Link May Not Be Safe.”

And the warning comes courtesy of Symantec.

Elgan Media’s Mike Elgan shared this to Google+ early this morning:

Mike Elgan 10 hours ago

Facebook resorting to ever more dirty tricks against Google+.

Facebook has taken its cheating to a new low. 

As you know, I auto-post Google+ posts to Facebook. The link brings my Facebook followers back to Google+ for the pictures and comments and for the complete post. 

But now, when they click on the link, my followers get a scary "Security Alert: This Link May Not Be Safe" warning.  

As far as I can tell, Facebook is lying. Flat-out lying as a dirty trick to reduce traffic to Google+. I can't think of any other explanation. 

And they're apparently paying Symantec to take the blame for the lie. 

Both companies know that a link to Google+ is perfectly safe. There are no banner ads and no way for malicious code to be downloaded from Google+. There has never, to the best of my knowledge, been a malware event originating from a Google+ link. 

Even after you click "Ignore this warning," every single link is flagged in the same way, with no "learning" or option to accept all links from the site. 

I wonder what +Robert Scoble thinks of this.

Props to +Roberto Acevedo III for pointing this out to me.  1773    500 Powered by socialditto

A few hours later, Elgan posted an update that said “Facebook is no longer putting up a ‘Security Alert’ for Google+ links. I guess they didn’t like the bad publicity. Let’s hear it for the power of the ‘What’s Hot’ list!!”

Some commenters continued to report that they were still getting the message, albeit with the stuff from Norton removed.

I don’t get a Norton warning, but I get a security alert. I guess Norton busted Facebooks balls for exploiting their name, and now they changed it to the following:

“Please be careful
For the safety and privacy of your Facebook account, remember to never enter your password unless you’re on the real Facebook web site. Also be sure to only download software from sites you trust. To learn more about staying safe on the internet, visit Facebook’s Security Page. Please also read the Wikipedia articles on malware and phishing.”

Others said that the problem is hardly new:

Bubble bursting… this has been happening for many many months… the alerts for some people will show and then stop…. you are not special +Mike Elgan I have posted about this a few times (with screenshots) over the last few months.

As far as I can tell it is triggered when there is a certain amount and kind of activity along with content topics… gasp! Yes, topics… FB does censor! OMG! What a thought! No, it cannot be! Anyway…. this is LAME that this is on whats hot as it has, as I stated, been happening on and off since the early days of G+… Many others have posted about it as well many times over the past year of G+’s life.

In April, Facebook announced a deal with a few security companies – Symantec’s Norton Antivirus being one of them. The deal now allows users to download free trial periods of their software, and it also gave Facebook access to their data on malicious sites.

FYI, if you run Norton’s Safe Web Check on Google+, it comes up clean.

I’ve reached out to Facebook for comment and will update this article accordingly.

In a statement Friday evening, Symantec confirmed the code’s authenticity, but denied that the leak comprised any sort of security risk. “As we have already stated publicly, our analysis shows that due to the age of the exposed code and the fact that it is only a small subset of the complete code, Symantec antivirus or endpoint security consumer and business customers – including anyone running Norton products – should not be in any increased danger of cyber attacks resulting from this incident,” asserts the company’s blog.

The digital security company also anticipates the release of additional code segments that it suspects Anonymous already possesses, including yet unreleased code for Norton Internet Security 2006. Other portions of code for Norton Utilities, pcAnywhere, and Norton Antivirus, have already been leaked online.

Symantec concluded its confirmation of the leaks by again reiterating that consumers running up-to-date versions of Norton AntiVirus should have nothing to worry about. “Again, the code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident,” claims the company.

Stolen portions of Norton AntiVirus source code were the focus of an extortion attempt of Symantec in January.

Also included in last week’s Anonymous hacks were police supplier New York Iron Works, the Australian Justice Department, Spanish infosec company Panda Security and the Vatican website.

The AnonymousIRC Twitter account let it be known yesterday that the group had taken down the Web site for New York Iron Works. What had this company done to incur the wrath of Anonymous? They supply the police of New York City with the equipment they use. While the defacement is no longer on the main page, the Google cache is still holding on to it. It’s similar to the church attacks last week, but this is in response to the Anonymous arrests made last week due to Sabu betraying LulzSec.

#FFF newyorkironworks.com POLICE SUPPLIER OWNED BY #ANTISEC #Anonymous #OWS #FreeHammond #ROOTED #MAYHEM

— AnonymousIRC (@AnonymousIRC) March 9, 2012

This isn’t the first time Anonymous has retaliated for the arrests of LulzSec members. They took down Panda Security’s Web sites the day after the arrests for their hand in assisting the FBI with the arrests.

As always, the text explaining the defacement is informative and entertaining:

(once again)
LOVE TO LULZSEC / ANTISEC FALLEN FRIENDS
THOSE WHO TRULY BELIEVED WE COULD MAKE A DIFFERENCE
LOVE TO THOSE BUSTED ANONS, FRIENDS WHO ARE FIGHTING FOR THEIR OWN FREEDOM NOW
LOVE TO THOSE WHO FIGHTED FOR THEIR FREEDOM IN TUNISIA, EGYPT, LIBYA
SYRIA, BAHRAIN, YEMEN, IRAN, ETC AND ETC AND ETC
LOVE TO THOSE WHO FIGHTED FOR FREEDOM OF SPEECH, FOR A REAL DEMOCRACY,
FOR A GOVT FREE OF CORRUPTION,
FOR A FREE WORLD WHERE WE ARE ABLE TO SHARE OUR KNOWLEDGE FREELY

LOVE TO THOSE WHO FIGHT FOR SOMETHING THEY BELIEVE IN

WE ARE ANTISEC
WE ARE THE NEW AND THE OLD LULZSEC GUARD
WE ARE THE NEW SHADOW GUERRILLA

WE ARE THE KNIGHTS OF THE LULZ
WE LL FIGHT TILL THE END

TO FBI AND OTHER SHITS
YOU HAVE OUR LOGS, WE HAVE ALL THOSE PMs AND PRIVATE CHATs U DONT WANT TO MAKE PUBLIC
YOU REALLY FUCKED IT UP TRYING TO TRAP PEOPLE

ALL YOUR BASE ARE BELONG TO US

hello friends!
As the events are unfolding they are changing the fundamental of history as we know it. But dont be mistaken for, We will fight any individual, organization, corporation, and/or government that hinder our movement. While some of our methods may seem unjust we believe that the action taken is needed. We are fighting the very institutions those are supposed to protect us. Fueled by money and power… the true nature of the government is at best: weak.

To our fallen brothers Your work has not been forgotten, your skills and teachings has spawn another generation of an elite squander. Like the knights at the round table, we have shared may common interests but let us not forget the game we play. AntiSec is still alive and well. We refuse to let some cheesecake ass player hater snitch divert us from our path in life.. a leader? at best a lame-facebook-user-gangsta-wannabe asshole blogger.. Our numbers are many and our skills are eminence… Jeremy, your presence will always live in our hearts..

> i lol’d at the lame-fb shit..
> XD

The tweet and the defacement call for the release of Jeremy Hammond, one of the hackers arrested last week as part of the FBI sting targeting members of LulzSec.

This was not the only attack, however, as Anonymous also leaked the source code from Symantec’s Norton Antivirus 2006 onto The Pirate Bay Thursday evening according to a Twitter user by the name of @AnonymouStun.

#Anonymous Leak Symantec Norton AntiVirus 2006 in the name of #FreeHammond #FreeTopiary #Freekayla #Freepwnsauce #Freepalladium #FreeAnons!

— stun (@AnonymouStun) March 8, 2012

Symantec responded to the leak on The Inquirer saying that the source code was from the 2006 edition of Norton AntiVirus and that current users are not at risk.

@AnonymouStun refutes this by saying that Symantec has been using the same source code since and that it’s even being used in the most recent edition of the software.

Symantec’s comment on the leaked code package “its from 2006, no worries” #Lulz?!.. oh come on guys do you even care!?

— stun (@AnonymouStun) March 8, 2012

@wordymcwriter yeah funny part its that Symantec uses still same code for 2011+ products ..

— stun (@AnonymouStun) March 8, 2012

@davidneal33 the last release is 2006 also same code used for these days Norton products, i know Symantec is on denial.

— stun (@AnonymouStun) March 9, 2012

In what may be the final attack to conclude today’s Fuck FBI Friday, Anonymous has also taken down the Web site for the Australian Justice Department and defaced it with a giant ASCII Anonymous logo. Wikileaks, who has quite the history with Anonymous, says the defacement is a response to “Australian government failure to support Australians overseas.”

Anonymous just defaced justice.act.gov.au for Australian government failure to support Australians overseas justice.act.gov.au

— WikiLeaks (@wikileaks) March 9, 2012

Our comment: We do not condemn such protest actions provided they do no harm. They are an expression of public sentiment.

— WikiLeaks (@wikileaks) March 9, 2012

If you’re confused, they mean Julian Assange, founder of Wikileaks. He’s an Australian-born citizen fighting extradition to Sweden in the UK courts with a decision to be made regarding said extradition in the near future.

This may be the end of today’s FFF operations, but they will continue until Anonymous feels they’ve had enough. We’ll keep you updated on any more attacks should they happen today.

Thompson currently serves as CEO of Virtual Instruments, a privately held company located in San Jose, Calif., whose products are designed to ensure the performance and availability of applications deployed in virtualized and private cloud computing environments. Since 2009, Thompson has been an active investor in early-stage technology companies in Silicon Valley.

Thompson served as chairman and CEO of Symantec Corp., helping transform Symantec into a leader in security, storage and systems management solutions. During his 10-year tenure as CEO from 1999 to 2009, Symantec’s revenues grew from $632 million to $6.2 billion, and its worldwide workforce grew to more than 17,500 employees. Thompson stepped down as CEO of Symantec in 2009, and stepped down from Symantec’s board of directors in 2011.

Previously, Thompson held a number of leadership positions at IBM, including sales, marketing, software development and general manager of IBM Americas. He was a member of IBM’s Worldwide Management Council.

Thompson currently serves on the board of United Parcel Service, and he has served on a number of government boards and commissions, including the Financial Crisis Inquiry Commission, the National Infrastructure Advisory Committee, and the Silicon Valley Blue Ribbon Task Force on Aviation Security and Technology. He formerly served on the national board of Teach for America, an organization dedicated to eliminating educational inequities for all children.

A Symantec representative commented on the attempt:

“In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still ongoing, we are not going to disclose the law enforcement agencies involved and have no additional information to provide”.

Here are some segments from the impatient ‘Anonymous’ @YamaTough hacker as he negotiates the $50,000 demanded payment from a Symantec employee:

“If you are trying to trace with the ftp trick it’s just worthless. If we detect any malevolent tracing action we cancel the deal. Is that clear? You’ve got the doc files and pathes [sic] to the files. what’s the problem? Explain.”

“If we dont hear from you in 30m we make an official announcement and put your code on sale at auction terms. We have many people who are willing to get your code. Dont f*** with us.”

Apparently, the Hackers were on to Symantec for contacting higher authorities but never the less continued in their negotiations until they finally cut contact with the Symantec employee who claimed they needed more time:

“Since no code yet being released and our email communication wasnt also released we give you 10 minutes to decide which way you go after that two of your codes fly to the moon PCAnywhere and Norton Antivirus totaling 2350MB in size (rar) 10 minutes if no reply from you we consider it a START this time we’ve made mirrors so it will be hard for you to get rid of it.”

Symantec insists that users of their products are not under any significantly higher risk of attack due to the theft however; Symantec asked its PCAnywhere users to disable the product until the company could issue a software update. They assure clients that this will protect them against attacks resulting from the theft of the source code.

The release of the source code had been trumpeted by Anonymous on January 4.

Symantec Norton Antivirus source code published by indian hackers pastebin.com/ciExRzr3“

— Anonymous (@YourAnonNews) January 4, 2012

Upon news of Symantec’s announcement, Anonymous did a victory dance on Twitter.

Yes #Anonymous has SymantecpcAnywhere source code. Yes we found 0days. Yes Symantec is panicking. Problem, officer? goo.gl/FhyPX

— Anonymous (@YourAnonNews) January 26, 2012

With middle-finger flourish, Symantec responded that Anonymous had not stolen their code. But, they did recognize that it was in the hands of Anonymous now.

Yesterday, Symantec announced a patch and free upgrade to all pcAnywhere customers, even those not normally eligible for an upgrade. This move effectively renders Anonymous’ possession of its code a moot point.

So, what is the purpose of grabbing and releasing code for a product when a quick patch release prevents its use? To make Symantec dance in public for a couple of days?

There has been a lawsuit filed against Symantec, alleging that the company scares people into buying its software by making misleading claims about the health of their computers. The lawsuit is filed by private parties, not affiliated with Anonymous.

We would love to hear from Anonymous about what purpose their actions serve. Is there something inherently evil about Symantec that they wish to highlight? About the (bloated) Norton Utilities software? Is it related to the lawsuit? What public statement does this make? If Symantec ends up being seen by the public as victims of unscrupulous hackers (as opposed to being seen as bumbling in its own security), does that mean the move backfired?

In contrast with all the laudable moves Anonymous has made in the past year or so (e.g. support of activists in Tahrir, support of Wikileaks, support of the #Occupy movement), why should the general public not see this as a mean-spirited adolescent prank?

Symantec Norton Antivirus source code published by indian hackers pastebin.com/ciExRzr3“

— Anonymous (@YourAnonNews) January 4, 2012

In response to this warning, Symantec has issued a security white paper (pdf) recommending that all users of pcAnyhwere disable the software until further notice.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

pcAnywhere is a Norton product that allows for direct PC to PC communication.If the ctolen source code is actually released, the damage to networks that use pcAnywhere could be considerable.

More detailed information from the white paper:

Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product. pcAnywhere is also bundled in three Symantec products, Altiris Client Management Suite and Altiris IT Management Suite versions 7.0 or later, and Altiris Deployment Solution with Remote v7.1. In addition, customers with earlier versions of Altiris suites may have opted to leverage pcAnywhere. The increased risk is isolated to the pcAnywhere components only. There are no known impacts to the rest of the components in the Altiris products or the pcAnywhere Solution component that provides integration between pcAnywhere and the Symantec Management Console. Customers should validate the remote control tools currently in use.

The solution, Symantec says, will enable organizations to “bridge the gap between business, legal and IT, reduce their risks and costs, and empower employees to work freely in a connected world.”

Customers will be able to choose between on-premise, cloud or hybrid delivery of such a solution. The company says that through the existing integrations between LiveOffice and the recently acquired Clearwell eDiscovery Platform, customers can export info from LiveOffice to the platform where it is collected along with info from Enterprise Vault and other data sources.

Symantec says the acquisition will also lead to tighter integration between archiving and Symantec.cloud’s email security and management features.

“What were once disparate issues — information management, eDiscovery, and data security — are rapidly coming together due to the explosion of electronically stored information and the on-premise and cloud-based technologies that deliver and disseminate it. Organizations are increasingly demanding that these issues be addressed in a unified way through information governance,” stated Brian Dye, VP, Information Intelligence Group at Symantec. “As a market leader for storage, eDiscovery and security, Symantec continues to enhance its offerings and deepen its commitment to provide the most comprehensive intelligent information governance solutions.”

The acquisition closed on Jan. 13.

Yama Tough has been tweeting about Norton and Symantec throughout the month. Here are some earlier tweets leading up to this one:

The Inquirer shares the following statement on the matter from Symantec:

“The code for Norton Utilities that was posted publicly is related to the 2006 version of Norton Utilities only. That version of the product is no longer sold or supported. The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities.”

“Furthermore, we have no indications that the code disclosure impacts the functionality or security of any of Symantec’s other solutions. Lastly, there are no indications that customer information has been impacted or exposed at this time. As always, in general, Symantec recommends that users keep their solutions updated which will help ensure protection against any new possible threats.”

I guess we’ll find out this week if the statement is accurate.

“Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms,” says Symantec’s Nishant Doshi. “We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.”

“Access tokens are like ‘spare keys’ granted by you to the Facebook application,” Doshi explains. “Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.”

According to the security firm, while Facebook currently uses OAuth 2.0 for authentication by default, older schemes that are still supported and used by “hundreds of thousands” of apps are where the problem begins.

“There is no good way to estimate how many access tokens have already been leaked since the release Facebook applications back in 2007,” says Doshi. “We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers. Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile.”

Yesterday, Facebook issued an update to its Developer Roadmap, outlining plans requiring all sites and apps to migrate to OAuth 2.0. All apps must migrate to the format by September 1.

Facebook and privacy concerns are certainly not strangers. Time and time again, something happens that brings concerns back into the spotlight. Last month, Facebook announced a new suite of safety tools and advanced security features.