
Flaw Found With Facebook Instant Personalization Service



Doug Caverly
Staff Writer
2010-05-11



It may once again be time to go over your Facebook profile and make sure nothing too personal is written there. In addition to untrustworthy acquaintances and outright scammers, users now apparently have to worry about security holes introduced by the new "instant personalization" program.


As reported by Jason Kincaid, "Web security consultant George Deglin discovered an exploit that would allow a malicious site to immediately harvest a Facebook user's name, email, and data shared with 'everyone' on Facebook, with no action required on the user's part."

This was possible because Facebook had granted Yelp (along with Pandora and Docs.com) automatic access to its data. A malicious site could take enough information to imitate a user, feed that information to the correct API, and learn a ton of personal facts for free.

And even though Facebook and Yelp were quick to correct the problem, Kincaid wrote, "[T]his is unsettling nonetheless. Instant Personalization has only been around for a few weeks on a mere three sites, and one of them has already had issues. Given how common XSS vulnerabilities are, if Facebook expands the program we can likely expect similar exploits."

It's hard to believe the average user will tolerate many more mistakes like this; even if very few people actually abandon Facebook, it's possible we'll see some protests and boycotts for the sake of privacy and security.



About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
