Facebook bug lets Hackers delete User’s Friendlist

Everyone is complaining about Facebook‘s privacy negligence: The configuration to control privacy is hard for most users to adjust, as a result of which, most users are unaware of the privacy hit everytime the post on Facebook.

Forget privacy, a newly discovered Bug in Facebook lets hackers delete Victim’s Facebook friends, without permission.

The flaw was reported by Steven Abbagnaro, a student in New York. But as of Saturday  morning, Eastern time, it had still not been patched, based on tests conducted by one of the security analyst.

The Facebook Hack

Combined with spam,  or a self-copying worm, a hacker to create a havoc on the Facebook social network. The hack captures publicly available data from users’ Facebook pages and then, one by one, deletes all of their friends. For the hack to work, the victim has to be made to navigate to a particular link, and that’s all.

Obviously, this looks like a cookie stealer code which uses user’s Facebook authenticated cookie to access the profile and create certain actions. Fortunately, the security code used in this attack has not been made public, but will go public when Facebook fixes the flaw, but it wont be long before Elite hackers would figure out how to trigger it.

The flaw and related behaviors had been observed by Keith. He discovered that Facebook’s Web site was not properly checking code sent by users’ browsers to ensure that they were authorized to make changes on the site. So this could mean that the attack doesn’t even utilize a cookie and can rely on session ids to trigger XSS (cross site scripting) forgery.

Facebook attempted on fixing the early reports of forcefully “like” on links, pages by hackers, but the exact problem was not fixed and is still left ready to be exploited.

For Facebook,  security has always been a trouble. Some times its malicious Facebook Apps that hit on User’s privacy or even hack/alter information without user’s consent. Their QA team had been under siege lately, tracking down 100s of issues everyday. These security issues plus Facebook’s native Privacy negligence makes it the most unsafe place on the internet. They need to overhaul the way they work, user’s data is not their property and hence can land them into trouble if issues grow in number.

Users have been quitting the social network and a several campaigns on the same had seen some successful results.

We write about Google, Twitter, Security, Open Source, Programming, Web, Apple, iPhone,Android and latest in Tech @taranfx on Twitter or by subscribing below: