Students Find Facebook Security Flaw

A pair of researchers from the Indiana
University uncovered a
vulnerability in Facebook that allowed attackers to get their hands on
user data.

Students Rui Wang and Zhou Li found a flaw in the Facebook platform
code that enables a malicious site to impersonate other Websites and
obtain the same
access permissions
those sites receive.

"Bing.com by default has the permission to access
any Facebook users’ basic information such as name, gender, etc., so our
malicious website
is able to deanonymize the users by impersonating
Bing.com," Wang told eWEEK in an e-mail. "In addition, due to
business needs, there are many websites requesting more permissions, including
access to a user’s private data, and publishing content
on Facebook on her behalf. Therefore, by impersonating those websites
(e.g., NYTimes, ESPN, YouTube, and FarmVille, etc.), our website can obtain the
same permissions to steal the private data or post bogus messages on Facebook
on the user’s behalf."

Facebook patched the flaw shortly after it was reported to it, and said it
is not aware of the issue having been exploited.

For more, read the eWeek article: Facebook Fixes Security Vulnerability .

CIO Insight Staff
CIO Insight Staff
CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need network monitoring technology and solutions to maintain regulatory compliance for their teams and organizations.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles