Facebook Blocked as Phishing Site in Firefox and Chrome

Facebook listed as a phishing site. Why?

The following domain is now listed as a phishing site by Google chrome and Firefox. http://fbcdn.net

Facebook blocked as phishing

UPDATE:Just in, TechCrunch just reported that Safari is now listing Facebook as a suspicious site too. You can read their article in the trackback in comments where they linked to this artilce. (Cheers! Robin Wauters, thanks for the link…)

This is actually a Facebook domain. By adding this domain to your list of trusted sites in Internet Explorer you will no longer have problems with Facebook. Currently Internet Explorer is not listing it as a phishing site in it’s database. Could this be because Microsoft has $260,000,000 invested in Facebook?

Basically the only way to use Facebook is to use Internet Explorer because they do not seem to be blocking it right now.

I am trying to get to the bottom of the Phishing RBL now, I am already taking this up with Trend Micro to make sure this does not spread. Trend Micro blocking my site made me quite an authority on Phishing filters and URL RBLs.

Currently the phishing filter used by Firefox does not list fbdcn.net as a phishing site and neither does Internet Explorer anti Phishing filter. Don’t know where this blocking is coming from but I want to know as someone who cannot wait to implement Facebook Connect.

After a Google search here is why Facebook runs JavaScript on another domain:

There are a few reasons; one of the posts added the additional domain lookup, but that only needs to happen once. What happens instead, is that a browser has a built in limit of 2 connections per domain. This means that if you have a lot of external content (CSS style sheets, Javascript, images, etc) you’re limited to load two at any given time. By adding an extra domain, you double that amount of items you can be downloading concurrently. There were some various experiments done, and it was found that 2-3 was generally the best you could squeeze out.

The link to the information about CDNs was provided — companies like Akamai have servers placed strategically around the world and use some DNS voodoo to have localized requests directed to their servers nearest to the request. This means that you can download the data faster.

Another reason is about bandwidth. Facebook (and all sorts of other sites where you have to login) track all sorts of information about you in cookies. Every request you make to a site, all of those cookies get passed around. This can add up very quickly. By having a domain that isn’t just a subdomain (ie, x.facebook.com) like fbcdn.net, each request isn’t burdened with the additional cookies and thus minimizes the bandwidth required on the request (you transmit less, so it’s faster; they receive less so it’s faster and cheaper [since they pay for all that in and out bandwidth])

I’m sure there could be even more reasons, but those are the main ones AFAIK.

This puts a real damper of the launch of Facebook Connect.

I will keep updating this post as news breaks on this. Either the Facebook domain fbcdn.net was hacked or this is something odd, I have not seen this occur before.

UPDATE:Facebook says the blocking has been cleared in the Facebook Forum. This is the same place I tried to warn Facebook that this was a possibility. The other developers said:

“This is some pretty tinfoil hat sounding stuff.”

I happen to like the way my monitor reflects off my tin foil hat, what’s it to ya?

One Comment

  1. Chris Lang
    Posted December 3, 2008 at 4:06 am | Permalink

    I tried to head this off when I saw it coming in the Facebook Developers forum but they replied:

    “This is some pretty tinfoil hat sounding stuff.”

    http://forum.developers.facebook.com/viewtopic.php?pid=112369

    You know what, my tin foil hat reflects the glow of my computer screen nicely. Too bad this is going to tarnish Facebook Connect heavily. I have been a huge supporter of Facebook Connect and this is a terrible thing to happen at launch.

6 Trackbacks

  1. […] this blog says the problem occurs in Firefox as well, but I don’t see it. […]

  2. […] this blog says the problem occurs in Firefox as well, but I don’t see […]

  3. […] 陰謀史観のファンは大喜びしているかもしれない。今日(12/3)、私がGoogle ChromeブラウザでFacebookにアクセスすると、「フィッシングサイトの疑いがあります」という警告が出た。かまわずContinue(続ける)ボタンを押せばFacebookを利用することはできるが、安全のため、利用を中止することもできる。今朝まで異常はなかったのだが。すべてのユーザーにこの警告が出ているのだろうか?アップデート: このブログによると、同じ現象がFirefoxでも起きているという。しかし私のところでは起きていない。(私が http://fbcdn.net/ を訪問しようとすると警告が出た)。Twitterはこの現象が起きた件についての会話で祭り状態だ。アップデート2: fbcdn.netというドメイン名は、やはりFacebook Incによって登録されていた。アップデート3:今度はSafariでもFacebookを訪問しようとすると「怪しいサイト」だという警告が出るようになった。どうやら、これはブラウザ側ではなく、Facebook側に何か問題があるようだ。これまでにもFacebookユーザーを狙ったフィッシング詐欺が繰り返し 起きているが、今回の現象はそれと全く違った問題のようだ。もしかするとFacebook Connectに関係があるのかもしれない。誰か原因に心当たりは?[原文へ](翻訳:Namekawa, U) ShowListings(“arc3″); ShowListings(“arc2″); AddClipsUrl = ‘http://jp.techcrunch.com/archives/20081203google-chrome-claims-facebook-may-be-a-phishing-site/'; AddClipsTitle = ‘Google Chrome、Facebookをフィッシングサイトと警告(アップデート:Safari、FireFoxからも警告)'; AddClipsId = ‘2CBE02C952CFE'; AddClipsBcolor=’#78BE44′; AddClipsNcolor=’#D1E9C0′; AddClipsTcolor=’#666666′; AddClipsType=’1′; AddClipsVerticalAlign=’middle'; 前の投稿へ トラックバック […]

  4. […] this blog says the problem occurs in Firefox as well, but I don’t see it. (I do see it when I try to visit […]

  5. […] issue was also reported by this blog mentioning the same problem occurring when trying to access the social site via […]

  6. […] also go ‘back to safety’. It worked fine for me until earlier this morning. Update: this blog says the problem occurs in Firefox as well, but I don’t see it. (I do see it when I try to […]