Facebook fixed the loophole that exposed users' information

The Gate Arab News Technical


The Facebook platform has fixed a new vulnerability that allowed any website to pull information out of a user's profile, including likes and interests, without the user's knowledge, for example through unauthorized access to the company's application programming interface (API). Ron Masas, a security researcher at Imperva, reached these findings after discovering that the search results on Facebook were not properly protected from cross-site request forgery (CSRF) attacks. In other words, a website could secretly obtain certain parts of the profile data of a user who is logged in to Facebook in another tab.

The researcher also published a video clip to demonstrate the concept, showing how a website can embed an inline frame (IFRAME), which is often used to insert content from another source within a web page, to secretly collect profile information. Ron Masas said: “This allows the information to go across domains. This means that if a user has visited a particular website, an attacker can open Facebook and collect information about the user and his friends.”

The website can open several search queries on Facebook within a new tab and run queries that return “yes” or “no” responses, such as whether a Facebook user likes a specific page. The security researcher said that the search requests may also return more complex results, such as all of the user's friends who have a certain name and the user's posts that contain certain keywords.

It can also return results based on a person's demographic characteristics, such as all of a person's friends of a particular religion in a particular city. Ron said: “The error displays the interests of the user and of his friends, even if they had adjusted their privacy settings so that interests are shown to friends only.” According to the researcher, this problem is not limited to Facebook and is not particular to the platform.

According to Ron, more sophisticated social engineering attacks may become more common in 2019, and given the quality of the available data, it would be attractive for ad buying. Imperva privately disclosed the error to Facebook in May. Days later, Facebook corrected the error by adding protection against CSRF and paid 8000 dollars to the discoverer of the error through its bug bounty rewards program.

Facebook stated that it fixed the problem in the search page and did not notice any abuse. Margarita Zolotova, a spokeswoman for the company, said: “We appreciate the efforts and the report of the security researcher. Given that the underlying conduct is not specific to Facebook, we have made our recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this kind of problem in other web applications.”
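The article says the error was corrected by adding protection against CSRF to the search page. The following is an added example, not Facebook's or Imperva's code, of how a server can refuse to return per-user search results to requests started or framed by another site. The `/search` endpoint, `SERVER_KEY`, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

SERVER_KEY = b"constructed-demo-key"  # assumption: per-deployment secret

# Response headers that forbid rendering the page inside another site's frame.
NO_FRAMING = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; a page on another origin cannot compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authorize_search(headers: dict, session_id: Optional[str], token: Optional[str]):
    """Decide whether a hypothetical /search endpoint may return per-user results."""
    if session_id is None:
        return 401, NO_FRAMING
    # Fetch Metadata: supporting browsers label requests started by another site.
    if headers.get("Sec-Fetch-Site") not in (None, "same-origin", "none"):
        return 403, NO_FRAMING
    # Search results are never meant to be loaded as a frame.
    if headers.get("Sec-Fetch-Dest") in ("iframe", "frame", "embed", "object"):
        return 403, NO_FRAMING
    # CSRF token, compared in constant time; covers browsers without Fetch Metadata.
    expected = issue_csrf_token(session_id).encode()
    if token is None or not hmac.compare_digest(expected, token.encode()):
        return 403, NO_FRAMING
    return 200, NO_FRAMING


def demo():
    """Run constructed sample requests through the check and return the statuses."""
    sid = "constructed-session-id"
    good = issue_csrf_token(sid)
    samples = {
        "same-origin search with token": ({"Sec-Fetch-Site": "same-origin"}, sid, good),
        "framed by another site": (
            {"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Dest": "iframe"}, sid, good),
        "older browser, no token": ({}, sid, None),
        "not logged in": ({}, None, None),
    }
    return {name: authorize_search(*args)[0] for name, args in samples.items()}
```

The token check remains the baseline control; the Fetch Metadata and anti-framing headers only add protection in browsers that send and enforce them.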
