Security researcher finds major flaw in Facebook

The more that comes out about FB the more I'm glad I never did fool with it.

 

It's really not that serious. All it is is that you can upload a .exe to facebook and send it out to people. It will not automatically download. It will not automatically open. It's entirely social engineering.

 

Yeah, as much as I detest the social invasion, in the grand scheme of things this is nothing. As always, if you don't know who the hell it is when you get a friend request or anything else, ignore/delete it.

 

Another option is to just turn off platform applications in Facebook.

 

Agreed 100 % although the Facebook audience selector in no way clearly shows how to do this and many sites want you to turn on the social api platform as this site clearly shows

 

At first I couldn't see what you were referring too. After allowing a few things, I notice what you were referring to under Facebook Activity on the page. This is what I see if and only if I am logged in to Facebook: "You turned off the ability to use Facebook platform In order to see your friends' recent activity, you need to turn it back on." If I am not logged in, it shows "You need to be logged into Facebook to see your friends' recent activity." With cookies removed I see "Create an account or log in to see what your friends are doing."

Since I don't care to see my friends recent activity, I simply ignore it. It does not seem to have any effect on using the site that I see.

As for turning apps off in Facebook, there really isn't much to do it. Select Privacy Settings from the drop down. On the Privacy Settings page select Apps and Websites - Edit Settings, then select "Turn off platform apps."

 

Sorry for the delayed reply.

Turning off Apps & Websites and all the settings disables your ability to use website Facebook interaction but it saves your computer from being publicly indexed across the entire Internet.

For those with a Facebook account, this link will help to navigate to these vital settings in order to change them to further secure your account.

Again, you must have a Facebook account to use the link

Regards,

 

If you use Facebook and do not know how to get to that page, then you should quit using Facebook.

 

Agreed, 100%

 

Facebook denies vulnerability, then quietly fixes it