TrustedID
Rating:

Identity Guard Total Protection
Rating:

LifeLock
Rating:

ProtectMyID.com
Rating:

ID Patrol
Rating:

ID Watchdog
Rating:

Equifax Credit Watch Gold
Rating:

Identity Theft Shield
Rating:

Identity Guard Good Start
Rating:

Enter your email address to receive NextAdvisor.com Daily Blog updates

Categories

Blog Archives

A bad week for Facebook, MySpace

Posted by kent on November 5th, 2009

I thought I was using hyperbole on Tuesday when I used the headline "Another day, another Facebook attack." Or maybe I should have just saved it for today. While Tuesday's news concerned a phishing attack, today's attack is far more insidious. According to the Facebook application developer that discovered the Facebook security vulnerability, it could potentially exploit Adobe's Flash plugin and Facebook's auto-login feature.

a active session, or a "auto login"-cookie and a URL which hosts a exploiting Flash file. For example when accessed, a automatic "post update" could be made, that would lure friends of the user to access the exploit URL, and the exploit would spread virally.(sic)

Basically, it works like this: you decide to share some awesome new Flash site (such as a browser-based game), not knowing that it's an exploit. You hit "share." If you have auto-login enabled, your Facebook login data is transferred to the nefarious referring site. Since you're sharing that site, others click on it. It steals their info, ad-infinitum.

It's important to note that so far there's no evidence that this has actually happened. The potential was discovered by a concerned developer and reported so the hole would be closed. The folks at Facebook are aware of the problem, and they claim that no one's data has been compromised. They gave the following statement to TechChrunch:

The security of our users is a top priority for Facebook and we worked with the researcher who identified the issue to fix it. We have not received any reports that it was ever exploited.

MySpace has apparently fixed the bug, and from Facebook's statement it seems that a fix is either in-place or imminent. But it may make you wonder if there's any way, other than cutting your Internet connection, that you can protect yourself. You don't have much control over Facebook's vulnerabilities, but identity theft protection is a good way to protect yourself in the online and offline world.

One Response to “A bad week for Facebook, MySpace”

  1. Living in a less nervous world - NextAdvisor Daily Says:

    [...] week when both Apple and Microsoft released massive security updates, and a week after a series of Facebook and MySpace exploits came to light. Just when you thought it was safe to go in the [...]

Leave a Reply

Recent Comments

  • Luana Zobel: I've been an avid fan of this web site for some time and not...
  • Rueben: Genealogists never die, they just loose their roots....
  • Sean T.: I just subscribed to Carbonite and paid the annual fee. Now...
  • sarah lucy thomson: i am a big fan of shannen doherty and am annoyed that people...
  • Augustine Lamkins: I found your blog when I was searching on google, and it bro...

About Us Blog Contact UsTerms & Privacy PolicyAffiliate ProgramSite map