Facebook Blocked as Phishing Site in Firefox and Chrome

Facebook listed as a phishing site. Why?

The following domain is now listed as a phishing site by Google chrome and Firefox. http://fbcdn.net

Facebook blocked as phishing

UPDATE:Just in, TechCrunch just reported that Safari is now listing Facebook as a suspicious site too. You can read their article in the trackback in comments where they linked to this artilce. (Cheers! Robin Wauters, thanks for the link…)

This is actually a Facebook domain. By adding this domain to your list of trusted sites in Internet Explorer you will no longer have problems with Facebook. Currently Internet Explorer is not listing it as a phishing site in it’s database. Could this be because Microsoft has $260,000,000 invested in Facebook?

Basically the only way to use Facebook is to use Internet Explorer because they do not seem to be blocking it right now.

I am trying to get to the bottom of the Phishing RBL now, I am already taking this up with Trend Micro to make sure this does not spread. Trend Micro blocking my site made me quite an authority on Phishing filters and URL RBLs.

Currently the phishing filter used by Firefox does not list fbdcn.net as a phishing site and neither does Internet Explorer anti Phishing filter. Don’t know where this blocking is coming from but I want to know as someone who cannot wait to implement Facebook Connect.

After a Google search here is why Facebook runs JavaScript on another domain:

There are a few reasons; one of the posts added the additional domain lookup, but that only needs to happen once. What happens instead, is that a browser has a built in limit of 2 connections per domain. This means that if you have a lot of external content (CSS style sheets, Javascript, images, etc) you’re limited to load two at any given time. By adding an extra domain, you double that amount of items you can be downloading concurrently. There were some various experiments done, and it was found that 2-3 was generally the best you could squeeze out.

The link to the information about CDNs was provided — companies like Akamai have servers placed strategically around the world and use some DNS voodoo to have localized requests directed to their servers nearest to the request. This means that you can download the data faster.

Another reason is about bandwidth. Facebook (and all sorts of other sites where you have to login) track all sorts of information about you in cookies. Every request you make to a site, all of those cookies get passed around. This can add up very quickly. By having a domain that isn’t just a subdomain (ie, x.facebook.com) like fbcdn.net, each request isn’t burdened with the additional cookies and thus minimizes the bandwidth required on the request (you transmit less, so it’s faster; they receive less so it’s faster and cheaper [since they pay for all that in and out bandwidth])

I’m sure there could be even more reasons, but those are the main ones AFAIK.

This puts a real damper of the launch of Facebook Connect.

I will keep updating this post as news breaks on this. Either the Facebook domain fbcdn.net was hacked or this is something odd, I have not seen this occur before.

UPDATE:Facebook says the blocking has been cleared in the Facebook Forum. This is the same place I tried to warn Facebook that this was a possibility. The other developers said:

“This is some pretty tinfoil hat sounding stuff.”

I happen to like the way my monitor reflects off my tin foil hat, what’s it to ya?

7 thoughts on “Facebook Blocked as Phishing Site in Firefox and Chrome”

  1. I tried to head this off when I saw it coming in the Facebook Developers forum but they replied:

    “This is some pretty tinfoil hat sounding stuff.”


    You know what, my tin foil hat reflects the glow of my computer screen nicely. Too bad this is going to tarnish Facebook Connect heavily. I have been a huge supporter of Facebook Connect and this is a terrible thing to happen at launch.

Comments are closed.