Security researcher finds major flaw in Facebook

ronjor · #1 October 27th, 2011, 01:35 PM

Quote:

By Jeremy Kirk IDG News Service

A security penetration tester discovered a major flaw in Facebook that could allow a person to send anyone on the social-networking site malicious applications.

Nathan Power, a senior security penetration tester at technology consultancy CDW, discovered the vulnerability and publicly disclosed it Thursday on his blog. The flaw was reported to Facebook on Sept. 30, which acknowledged the issue on Wednesday, he wrote.

https://www.infoworld.com/d/security...acebook-177320

cm1971 · #2 October 28th, 2011, 02:50 AM

The more that comes out about FB the more I'm glad I never did fool with it.

Hungry Man · #3 October 28th, 2011, 02:59 PM

It's really not that serious. All it is is that you can upload a .exe to facebook and send it out to people. It will not automatically download. It will not automatically open. It's entirely social engineering.

dw426 · #4 October 28th, 2011, 03:19 PM

Yeah, as much as I detest the social invasion, in the grand scheme of things this is nothing. As always, if you don't know who the hell it is when you get a friend request or anything else, ignore/delete it.

chrisretusn · #5 October 28th, 2011, 10:40 PM

Another option is to just turn off platform applications in Facebook.

siljaline · #6 October 29th, 2011, 04:02 AM

Agreed 100 % although the Facebook audience selector in no way clearly shows how to do this and many sites want you to turn on the social api platform as this site clearly shows

Quote:

Originally Posted by chrisretusn

Another option is to just turn off platform applications in Facebook.

chrisretusn · #7 October 30th, 2011, 09:37 AM

At first I couldn't see what you were referring too. After allowing a few things, I notice what you were referring to under Facebook Activity on the page. This is what I see if and only if I am logged in to Facebook: "You turned off the ability to use Facebook platform In order to see your friends' recent activity, you need to turn it back on." If I am not logged in, it shows "You need to be logged into Facebook to see your friends' recent activity." With cookies removed I see "Create an account or log in to see what your friends are doing."

Since I don't care to see my friends recent activity, I simply ignore it. It does not seem to have any effect on using the site that I see.

As for turning apps off in Facebook, there really isn't much to do it. Select Privacy Settings from the drop down. On the Privacy Settings page select Apps and Websites - Edit Settings, then select "Turn off platform apps."

siljaline · #8 October 30th, 2011, 11:09 PM

Sorry for the delayed reply.

Turning off Apps & Websites and all the settings disables your ability to use website Facebook interaction but it saves your computer from being publicly indexed across the entire Internet.

For those with a Facebook account, this link will help to navigate to these vital settings in order to change them to further secure your account.

Again, you must have a Facebook account to use the link

Regards,

chrisretusn · #9 October 31st, 2011, 06:07 AM

If you use Facebook and do not know how to get to that page, then you should quit using Facebook.

siljaline · #10 October 31st, 2011, 06:22 AM

Agreed, 100%

Quote:

Originally Posted by chrisretusn

If you use Facebook and do not know how to get to that page, then you should quit using Facebook.

MrBrian · #11 November 3rd, 2011, 12:01 AM

Facebook denies vulnerability, then quietly fixes it

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search