Topic: Facebook vulnerability allows to view friends' live chat
Equix3n-
« on: May 05, 2010, 11:08:21 AM »

A recent hole in Facebook privacy settings was found that allows you to view your friends' live chat. TechCrunch has posted a video explaining step-by-step how to exploit this vulnerability. I just checked Facebook and they have disabled chat for maintenance. Must say, privacy (security) holes in Facebook are becoming a regular. Though I don't use it much except for having a virtual link with old friends (you can't call everyone), if this thing becomes regular I'll have no option except deleting my profile.

Quote
You’ve got to hand it to Facebook. They certainly know how to do security — not.

Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’. Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information.

Unbelievable I thought, until I just tested the exploit for myself.

And guess what? It works.

The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

I know Facebook wants us to share more information and open up, but I’m not sure that this is quite what they had in mind.

Because this has major implications for user privacy we’ve informed Facebook about this exploit.

http://eu.techcrunch.com/2010/05/05/video-major-facebook-security-hole-lets-you-view-your-friends-live-chats/
« Last Edit: May 16, 2010, 12:30:36 AM by Equix3n- »
Ketchup
« Reply #1 on: May 05, 2010, 03:04:25 PM »

I think that Facebook's "privacy" settings have become a joke as of late. Ever since they changed everyone's privacy settings to "world-visible" and made you change them back, I lost any respect for their security model.

~~~~~~~~~~~~~~
Ketchup
chrisj
« Reply #2 on: May 05, 2010, 04:05:35 PM »

I've been giving serious thought to dropping my facebook account. Between Xen's posting and the link below, I'm trying to come up with reasons to keep it.

http://gizmodo.com/5530178/top-ten-reasons-you-should-quit-facebook

OSWP, Sec+
Dengar13
« Reply #3 on: May 05, 2010, 04:10:08 PM »

I am in the same boat as you, chrisj.  Especially after my wife's Facebook and email account got compromised.

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
hayabusa
« Reply #4 on: May 05, 2010, 06:09:51 PM »

This is why, on ANY social media / networking site, you should NEVER post anything you aren't willing to allow someone else to see.  Just have to play safe, ALWAYS!  (I agree with all of your concerns, though, completely!)

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Ketchup
« Reply #5 on: May 05, 2010, 10:05:31 PM »

Definitely agree on all fronts. I never post anything without thinking about it seriously. You never know what FB is going to change and what information is going to become world accessible.

~~~~~~~~~~~~~~
Ketchup
chrisj
« Reply #6 on: May 05, 2010, 10:23:43 PM »

I try to keep things decent. Try to not talk bad about work, even if I do, I don't say where I work. (Yes Don, I know you can track it down from the IP address :) ).

But I'm less worried about law, and more worried about the Junior PIs out there working in HR departments now. The "I'll save money by doing a background check with google" kind.

OSWP, Sec+
delusion
« Reply #7 on: May 10, 2010, 07:41:56 AM »

What a horrid mess, must have been quite a few vexed kiddies that day! School fights up to an all time high :o

Seriously, Facebook, sort yourselves out!

I don't use the Facebook chat, I rarely jump on Facebook... I admit in my previous role I was a Facebook addict, lucky for me it's banned where I work, I think that's a good thing, from a security standpoint and also to prevent reviving my addiction for Facebook, which I can proudly say I am down to logging on about once every two days 8)

You Cant Resolve Problems Whilst At WAR!
Equix3n-
« Reply #8 on: May 10, 2010, 08:03:12 AM »

I never use facebook except for sending occasional PMs to some old friends. Don't have any pics uploaded or any applications installed.
© 2013 The Ethical Hacker Network