Facebook flaw opened you and your friends' profile to data thieves

CNET | 11/13/2018 | Alfred Ng

Your Facebook "Likes," posts and friends were exposed by a vulnerability that the social network recently fixed.

The vulnerability relies on cross-site request forgery (CSRF) attacks, which trick pages into performing tasks they're not supposed to, combined with access to an account that is already logged in. The security flaw is tied to Facebook on Google's Chrome browser, which accounts for more than 60 percent of browsers used online. Google did not immediately respond to a request for comment.

Imperva, a cybersecurity company, discovered the flaw and disclosed it to Facebook in May. The social network did not respond to a request for comment.

For the attack to work, a potential hacker would have to trick a person logged into Facebook into opening up a malicious website, which Imperva's researchers set up during their analysis.

Once a person clicks anywhere on the website, the vulnerability would use iFrames -- code used to embed content, like YouTube videos, on pages -- to open a new tab with Facebook's search page.

From there, the attacker could have created searches to look for personal information -- to view your friends, what pages you've liked, and what pages your friends liked.

Ron Masas, a security researcher at Imperva, noted that the searches could be crafted to be more specific, for example to check on the person's friends based on location, name, religion, or any combination.


Masas was...
(Excerpt) Read more at: CNET