Facebook bug lets Hackers delete User’s Friendlist

Everyone is complaining about Facebook's privacy negligence: the privacy controls are hard for most users to adjust, and as a result most users are unaware of the privacy hit they take every time they post on Facebook.

Forget privacy: a newly discovered bug in Facebook lets hackers delete a victim's Facebook friends without permission.

The flaw was reported by Steven Abbagnaro, a student in New York. But as of Saturday morning, Eastern time, it had still not been patched, based on tests conducted by one of the security analysts.

The Facebook Hack

Combined with spam or a self-copying worm, a hacker could create havoc on the Facebook social network. The hack captures publicly available data from users' Facebook pages and then, one by one, deletes all of their friends. For the hack to work, the victim has to be made to navigate to a particular link, and that's all.

Obviously, this looks like cookie-stealer code that uses the user's authenticated Facebook cookie to access the profile and perform certain actions. Fortunately, the code used in this attack has not been made public; it will go public when Facebook fixes the flaw, but it won't be long before elite hackers figure out how to trigger it.

The flaw and related behaviors had been observed by Keith. He discovered that Facebook's Web site was not properly checking code sent by users' browsers to ensure that they were authorized to make changes on the site. So this could mean that the attack doesn't even utilize a cookie and can rely on session IDs to trigger XSS (cross-site scripting) forgery.
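The missing server-side check described above, as an added example (not Facebook's code and not from the original report): it assumes the fix is a per-session anti-forgery token plus an Origin check, and the endpoint, field names and origins are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://social.example"  # constructed placeholder origin


def issue_token(session_id: str) -> str:
    """Anti-forgery token the site embeds in its own forms, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def remove_friend(request: dict, friends: dict) -> int:
    """Hypothetical state-changing endpoint; returns an HTTP status code."""
    session_id = request.get("cookie_session")
    if session_id not in friends:
        return 401  # no valid login session
    if request.get("method") != "POST":
        return 405  # visiting a link (GET) must never change state
    if request.get("origin") != TRUSTED_ORIGIN:
        return 403  # request was initiated from another site
    supplied = str(request.get("csrf_token") or "")
    if not hmac.compare_digest(supplied.encode(), issue_token(session_id).encode()):
        return 403  # the cookie arrived, but proof of user intent did not
    friends[session_id].discard(request.get("friend_id"))
    return 200


def demo():
    """Run constructed requests against constructed data; return (codes, friends)."""
    friends = {"sess-alice": {"bob", "carol"}}
    base = {"cookie_session": "sess-alice", "friend_id": "bob"}
    requests = [
        {**base, "method": "GET", "origin": TRUSTED_ORIGIN},  # plain link visit
        {**base, "method": "POST", "origin": "https://other.example"},  # cross-site
        {**base, "method": "POST", "origin": TRUSTED_ORIGIN,
         "csrf_token": issue_token("sess-other")},  # token from another session
        {**base, "method": "POST", "origin": TRUSTED_ORIGIN,
         "csrf_token": issue_token("sess-alice")},  # the site's own form
    ]
    return [remove_friend(r, friends) for r in requests], friends


if __name__ == "__main__":
    print(demo())
```

Only the last request, which carries a token the server issued for that same session, changes the friend list; the session cookie alone is never treated as authorization.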

Facebook attempted to fix the earlier reports of hackers forcing "likes" on links and pages, but the exact problem was not fixed and is still left ready to be exploited.

For Facebook, security has always been trouble. Sometimes it is malicious Facebook apps that hit users' privacy or even hack or alter information without the user's consent. Their QA team has been under siege lately, tracking down hundreds of issues every day. These security issues, plus Facebook's native privacy negligence, make it the most unsafe place on the internet. They need to overhaul the way they work: users' data is not their property, and that can land them in trouble if issues grow in number.

Users have been quitting the social network, and several campaigns to that end have seen some successful results.

  • Amy M

    I think that this same security flaw has reappeared – this time in a group. I am a member of a Facebook group called 1 MILLION Strong AGAINST the Arizona Immigration Law SB1070 that had grown to 1,630,000 members. The numbers continued to grow steadily but then the membership numbers began to inexplicably drop a few months ago. Now they are disappearing at a rate of about 1,000+ per day (the numbers really started falling fast after the admins closed the group… which indicates that the continued new members were offsetting the deleted members to some extent). Several members have reported that they were dropped off the membership rolls for no reason. If you know of any information about this or would like more info please feel free to contact me. Facebook has been notified but so far the bleeding of members has continued unabated.
    Thanks

    • Annerachel

      Having the same problem at petition to get rid of a page praying for Obama's death..

© 2014 Geeknizer. All rights reserved.