News Three Security Gaps Discovered in Facebook: After the fact.

  In light of the recent Facebook hack, multiple flaws were found in the interaction between three software errors. This relates to the "View As" feature: for example, when someone wished a friend a happy birthday, they would be using a 2017 version of the video uploader, and this version would falsely generate an access token that carried the same rights as the mobile Facebook app.

  Hackers abusing the "View As" feature would then receive these tokens, but not from their own profile... they would in fact be from the profile that they were viewing. They would then begin to make their way through different profiles and, using the tokens of these users, would visit other accounts and procure more tokens.

  It is also suspected that some third-party services may have been affected. This would happen if a hacker utilized the single sign-on features using the same tokens that they stole. They can use these to sign in to other sites such as Google, Twitter, and others.

  This is so far a flesh wound in Facebook's reputation, one that has already been severely wounded due to past events in the last year or so. One could hope that Facebook doesn't drive the bullet any further, but after recent events, they appear to be quite talented at tripping over themselves. 


  This was a mid-afternoon report from...

  ----Sh7nk-Z0id
01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011