Stumbled upon a malicious Facebook ad. The add promises a funny quiz and links to hallo-quiz [dot] com. That site will then redirect you to fimepobala [dot] com which shows the supposed quiz (only visible with the correct referrer). #infosec
Facebook has been notified and promptly responded that no policy violation has been found. I guess that Google and Mozilla won't act either, at least as long as the extension isn't malicious.
@varx There are enough indicators of shady behavior for Facebook to take this down. Of course, only if somebody takes time to look properly - something that Facebook employees usually cannot do.
On Twitter people cc'ed @robleathern@twitter.com who escalated this issue, so Facebook might still do something about this.
@WPalant What would be ideal? Perhaps a flag on the extension such that all updates must first have their diff reviewed by Google/Mozilla before being released to the public?