Tuesday, February 26, 2013

Security Flaw Gives Hacker Full Access to Facebook Profiles

The link to the full story is here

A web developer claims to have discovered a Facebook security flaw that could have given him access to any part of a stranger's profile.

Don't panic: Facebook has already fixed the problem. The developer, Nir Goldshlager, notified the social network about the issue and waited until it was resolved to go public with his discovery. He explained how it worked in a blog post published Saturday morning.

In the post, he says he was able to tweak OAuth, the service developers use to obtain the various permissions their apps need to run — for example, location data from your profile page. Goldshlager was able to manipulate OAuth so a visitor to a Facebook page could get full access — to inboxes, private photos and videos — with no expiration.
