A vulnerability was found in Facebook's code

Posted: November 5, 2012 in IT Security News, Security Notices

Hacker News reports that the software of the social network Facebook is subject to a vulnerability that allows certain user accounts to be accessed without a password. It is reported that, with a specially crafted query, user accounts can even be opened through Google search results. According to experts, around 1.32 million accounts are exposed to the attack.

The attack also exposes the email addresses stored in the Facebook database. According to the publication, gaining access to user accounts requires having at least one account with a valid password and logging in with it. After that, a specially crafted query can open the accounts of other users. The attack's authors say that not all accounts are susceptible to this method.

According to experts, the problem lies in how the social network's server software parses Facebook search queries. The attack was popularized by placing hyperlinks on the walls of specialized users, and these links often end up in search indexes. As a result, Internet search engines that follow the links index private user data.

As a result of the above, more than a million user accounts ended up publicly accessible.

Facebook said that the social network's technical services are working to eliminate the vulnerability.

Today Facebook, under pressure from the Irish regulator, made a number of changes relating to user privacy. Facebook originally intended to make these changes only for Ireland, but later decided to roll them out globally (they do not apply in the U.S. and Canada). The new security system will allow more detailed configuration of external access to user data, in particular in the Timeline, and will distinguish how the account interacts with the rest of the internet and with web applications.
