> they thought it would be better to get people passwords by "botnet keylogger" (and I am not making it up), steal about 1 million accounts and then DEACTIVATE THEM ALL, which would I guess do something terribly evil to Facebook.
That is not a bad approach. If you assume Facebook's network infrastructure is rock solid, then attack Facebook's human infrastructure by flooding them customer services calls.
I don't think you need a botnet keylogger to grab Facebook passwords because their users are easily confused or duped. For example, ReadWriteWeb wrote about Facebook's plans for login federation and many Facebook users, googling for "facebook login", found this blog and tried to login there!
That is not a bad approach. If you assume Facebook's network infrastructure is rock solid, then attack Facebook's human infrastructure by flooding them customer services calls.
I don't think you need a botnet keylogger to grab Facebook passwords because their users are easily confused or duped. For example, ReadWriteWeb wrote about Facebook's plans for login federation and many Facebook users, googling for "facebook login", found this blog and tried to login there!
https://www.readwriteweb.com/archives/facebook_wants_to_be_y...