Categories
Blog Archives
A bad week for Facebook, MySpace
November 5th, 2009 - Posted by Kent
I thought I was using hyperbole on Tuesday when I used the headline "Another day, another Facebook attack." Or maybe I should have just saved it for today. While Tuesday's news concerned a phishing attack, today's attack is far more insidious. According to the Facebook application developer that discovered the Facebook security vulnerability, it could potentially exploit Adobe's Flash plugin and Facebook's auto-login feature.
a active session, or a "auto login"-cookie and a URL which hosts a exploiting Flash file. For example when accessed, a automatic "post update" could be made, that would lure friends of the user to access the exploit URL, and the exploit would spread virally.(sic)
Basically, it works like this: you decide to share some awesome new Flash site (such as a browser-based game), not knowing that it's an exploit. You hit "share." If you have auto-login enabled, your Facebook login data is transferred to the nefarious referring site. Since you're sharing that site, others click on it. It steals their info, ad-infinitum.
It's important to note that so far there's no evidence that this has actually happened. The potential was discovered by a concerned developer and reported so the hole would be closed. The folks at Facebook are aware of the problem, and they claim that no one's data has been compromised. They gave the following statement to TechChrunch:
The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it. We have not received any reports that it was ever exploited.
MySpace has apparently fixed the bug, and from Facebook's statement it seems that a fix is either in-place or imminent. But it may make you wonder if there's any way, other than cutting your Internet connection, that you can protect yourself. You don't have much control over Facebook's vulnerabilities, but identity theft protection is a good way to protect yourself in the online and offline world.
One Response to “A bad week for Facebook, MySpace”
Leave a Reply
Popular Services Reviewed:
Credit Monitoring Services |
Find Us On:
Copyright© 2006 - 2012 NextAdvisor.com - All rights reserved.
Disclosure: NextAdvisor.com is a consumer information site that offers free, independent reviews and ratings of online services. We receive advertising revenue from most of the services we review. Our editors thoroughly research and whenever possible test each service we review and offer their honest opinions about each one. We are independently owned and operated and all opinions expressed on this site are our own.
November 12th, 2009 at 5:57 pm
[...] week when both Apple and Microsoft released massive security updates, and a week after a series of Facebook and MySpace exploits came to light. Just when you thought it was safe to go in the [...]