"Commander Kinsey" wrote

| I think they should be responsible for ads running malicious code, because
they put them there, but not for what somebody happens to write. If I went
on Facebook and sent you a death threat, it should be between you, the
police, and me. Facebook shouldn't be involved at all.
|

It gets complicated. Russians were setting up pages like
American for Better Freedom, then filling them with made-up
nonsense meant to agitate people and favor Trump. They
were doing similar things with ads. It's been a planned
misinformation campaign. And as you probably know, we
Americans are not known for our critical thinking abilities.

Facebook's position is like you said: What's on the site
is not their concern. But now we're talking about malicious,
government-run propaganda and pages that Facebook
bots might present as "trending", so that more people view
them and talk about them. Even if it's something like Putin's
people fabricating convincing stories that say Hillary Clinton
has introduced a law in the US Congress to force gay marriage
among gun owners.

Facebook's strategy is to try to keep people on their site,
seeing ads, as much as possible. They have a vestd interest
in not knowing what's going on. But they're presenting this
stuff as news. In a newspaper, news is researched and an
ad must be clearly marked as such if it could be mistaken
for news. So Facebook is trying to play it both ways.

I think that with all of this -- Facebook and Google ads,
whether mailicious or not -- they don't want to deal with it.
Their business models are based on the premise that very,
very few humans are needed to run a tech company. Most
of it can and should be automated. So they don't want to hire
journalists for their news or ad salespeople for their ads. They
want it all automated; nearly zero cost.


| Another common attack
| method is Wordpress plugins. People who don't know
| what they're doing decide to have a website. Wordpress
| helps them do that without understanding the process.
| They set up a comment board, a shopping cart, etc. Later
| someone finds a bug in the comment board plugin. But the
| website founder doesn't know. They don't have the slightest
| idea of how their website works and haven't given it a thought
| ever since they set it up. So someone takes over
| their site via that bug and starts serving malware. That's
| not unusual. I get people trying to break into my website
| daily via Wordpress bugs, because a very large number of
| websites are based on Wordpress.
|
| Isn't Wordpress a big enough company to fix these flaws in their own
plugins?
|
I assume that something on Wordpress is probably
fine. But a large segment of the Internet is people
who use Wordpress templates, tools and plugins on
their own site. Wordpress makes it very easy to put
something like a comment board on your site without
knowing what you're doing. So Sam ends up with
commentsPlugin v. 3.1521 on his web sever. He forgets
about it. In 6 months a bug is found. Everyone who's
keeping track updates the plugin. But Sam doesn't even
really know he's using a plugin. so bots from Russia or
China, testing front door locks, discover that Sam's
site can be hacked and they upload malicious code.
Sam's none the wiser.

Here's a sample. The following is from my server logs
this past weekend. "wp" is Wordpress. Soemone in
Ukraine was teting for typical wordpress files, to see
whether my site could be hacked. (Sometimes I get hackers
from China that try hundreds of known vulnerabilities.)

----------------------------------------------------------
broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:33 -0400] "GET //wp-includes/wlwmanifest.xml HTTP/1.1"
404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:34 -0400] "GET //xmlrpc.php?rsd HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:34 -0400] "GET / HTTP/1.1" 200 19859 "-"

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:34 -0400] "GET //blog/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:34 -0400] "GET //web/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:34 -0400] "GET //wordpress/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //website/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1"
404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //news/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //2015/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //2016/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:35 -0400] "GET //2017/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //2018/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //shop/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //wp1/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //test/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //media/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:36 -0400] "GET //wp2/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:37 -0400] "GET //site/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:37 -0400] "GET //cms/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

broadband.kyivstar.net.Lviv-L'vivs'ka Oblast'-Ukraine-1 - -
[16/Mar/2019:04:19:37 -0400] "GET //sito/wp-includes/wlwmanifest.xml
HTTP/1.1" 404

----------------------------------------------------------

| I don't and won't do online banking.
|
| You sound overly paranoid. Banks are pretty secure, and it's their
responsibility if your money disappears.
|

Up to a point. In the US there are limits on debit cards.
A card used for business isn't covered. A personal card
is only covered if a problem is reported promptly. (Most
people don't know that.) And what if someone gets into
my account and steals money, but it looks like it was me?
How do I make a case that the withdrawal should be
insured?

Another risk connected with that is scam emails that
pretnd to be from your bank. Since I don't do such things
online I can't be tricked by scams.

| What if the product is faulty? Then you'll want to
| know they actually have an address and phone number.
|
| This is the 21st century, I prefer an email address or an online chat.
|
What's that got to do with the 21st century? human
relationships are out of date?


| I've actually never in my entire life had anything nasty happen to my
computer or my personal | details. I'm fairly careful but not that careful.
I have AVG running all the time, and I use Opera browser rather than that
buggy M$ ****, and I do a malware scan with Malwarebytes every month (not
the realtime one, that costs money!) and Windows Firewall is running, but
that's about it.
|

I haven't had trouble, either. I don't use AV or dubious
products like MB. But I'm careful. On the other hand, the
woman I live with got a popup awhile back and before I
was up and awake she had given someone a $390 credit
card payment for a problem the popup said was on her
computer! She's not dumb. She's a teacher. But the
popup was convincing and she didn't know better.