Discord Server Red Security Twitter Donation to Red Security Red Security Youtube Channel Red Security Tumblr Profile
Login or Register to Hide ads and Accessing all features on the forum
Thread Rating:
  • 3 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
News Three Security Gaps Discovered in Facebook: After the fact.
[Image: images?q=tbn:ANd9GcRKvahfXpkj335vOvHC3aW...N8luTu5_qw]

     In lieu of the recent Facebook hack, multiple flaws were found in the interaction between three software errors. This correlates to the "View As" feature, which for example, someone could wish a friend happy birthday, they would be using a 2017 version of the video up-loader, and this version would falsely generate an access token that mirrored the same rights as the mobile Facebook app. 

  Hackers abusing the "View As" feature, would then receive these tokens but not from their own profile...they would be in fact from the profile that they are viewing. They then would begin to make their way through different profiles, and using the tokens of these users, would visit other accounts and procure more tokens. 

  It is also suspected that some third party services may have been affected. This would be done if a hacker utilized the single sign-on features using the same tokens that they stole. They can use these to sign into other sites such as Google, Twitter, and others. 

  This is so far a flesh wound in Facebook's reputation, one that has already been severely wounded due to past events in the last year or so. One could hope that Facebook doesn't drive the bullet any further, but after recent events, they appear to be quite talented at tripping over themselves. 

  This was a mid-afternoon report from...

01001001 00100000 01000001 01001101 00100000 01011010 01001111 01000100 01001001 01000001 01000011

Possibly Related Threads…
Thread Author Replies Views Last Post
Star News Google Project Zero Discloses Nasty Windows 0-Day Security Exploit Already In The Wi News 0 420 11-01-2020, 06:12 AM
Last Post: News
Star News Smashing Security podcast #200: Two flipping hundred News 0 422 10-15-2020, 09:28 AM
Last Post: News
Star News Top anti-virus, anti-malware products contain security flaws News 0 468 10-08-2020, 01:09 AM
Last Post: News
Star News Google warns of security holes in other vendors’ Android phones News 0 357 10-05-2020, 09:13 AM
Last Post: News
Star News Zoom adds Two-factor authentication (2FA) as extra layer of security News 3 1,291 09-29-2020, 07:01 PM
Last Post: JJAskiz
Star News Homeland Security Issues Urgent Windows Security Warning Over Zerologon Exploit News 0 438 09-21-2020, 09:26 AM
Last Post: News
Brick News Website Security Breach Exposes 1 Million DNA Profiles Mr.Kurd 0 562 07-25-2020, 10:25 PM
Last Post: Mr.Kurd
Exclamation News Does TikTok Really Pose a Risk to US National Security? Mr.Kurd 0 511 07-25-2020, 10:13 PM
Last Post: Mr.Kurd
Rainbow News Researchers Find Security Vulnerabilities In Some of The Top Password Managers Mr.Kurd 0 656 03-23-2020, 08:02 AM
Last Post: Mr.Kurd
Sad News Security Vendor Leaks Over Five Billion Breached Records Mr.Kurd 0 682 03-20-2020, 12:06 PM
Last Post: Mr.Kurd

Users browsing this thread: 1 Guest(s)