.

Facebook vulnerability allows to view friends' live chat

<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Wed May 05, 2010 11:08 am

Facebook vulnerability allows to view friends' live chat

A recent hole is facebook privacy settings was found that allows you to view your friends' live chat. Techcrunh has posted a video explaining step-by-step how to exploit this vulnerability. I just checked facebook and they have disabled chat for maintenance. Must say, privacy (security) holes in facebook are becoming a regular. Though I don't use it much except for having a virtual link with old friends ( you can't call everyone), if this thing becomes regular I'll have no option except deleting my profile.

You’ve got to hand it to Facebook. They certainly know how to do security — not.

Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their ‘friends’. Using what sounds like a simple trick, a user can also access their friends’ latest pending friend-requests and which friends they share in common. That’s a lot of potentially sensitive information.

Unbelievable I thought, until I just tested the exploit for myself.

And guess what? It works.

The irony is that the exploit is enabled by they way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit.

I know Facebook wants us to share more information and open up, but I’m not sure that this is quite what they had in mind.

Because this has major implications for user privacy we’ve informed Facebook about this exploit.


http://eu.techcrunch.com/2010/05/05/vid ... ive-chats/
Last edited by Xen on Sun May 16, 2010 12:30 am, edited 1 time in total.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed May 05, 2010 3:04 pm

Re: Facebook vulnerability allows to view friends' live chat

I think that Facebook's "privacy" settings are become a joke as of late.  Ever since they change everyone privacy settings to "world-visible" and made you change them back, I lost any respect for their security model. 
~~~~~~~~~~~~~~
Ketchup
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed May 05, 2010 4:05 pm

Re: Facebook vulnerability allows to view friends' live chat

I've been giving serious thought to dropping my facebook account. Between Xen's posting and the link below, I'm trying to come up with reasons to keep it.

http://gizmodo.com/5530178/top-ten-reas ... t-facebook
OSWP, Sec+
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Wed May 05, 2010 4:10 pm

Re: Facebook vulnerability allows to view friends' live chat

I am in the same boat as you, chrisj.  Especially after my wife's Facebook and email account got compromised.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed May 05, 2010 6:09 pm

Re: Facebook vulnerability allows to view friends' live chat

This is why, on ANY social media / networking site, you should NEVER post anything you aren't willing to allow someone else to see.  Just have to play safe, ALWAYS!  (I agree with all of your concerns, though, completely!)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed May 05, 2010 10:05 pm

Re: Facebook vulnerability allows to view friends' live chat

Definitely agree on all fronts.  I never post anything without thinking about seriously.  You never know what FB is going to change and what information is going to become world accessible.
~~~~~~~~~~~~~~
Ketchup
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed May 05, 2010 10:23 pm

Re: Facebook vulnerability allows to view friends' live chat

I try to keep things decent. Try to not talk bad about work, even if I do, I don't say were I work. (Yes Don, I know you can track it down from the ip address :) ).

But I'm less worried about law, and more worried about the Junior PIs out there working in HR departments now. The "I'll save money by doing a background check with google" kind.
OSWP, Sec+
<<

delusion

User avatar

Newbie
Newbie

Posts: 49

Joined: Thu Mar 18, 2010 6:04 pm

Location: London

Post Mon May 10, 2010 7:41 am

Re: Facebook vulnerability allows to view friends' live chat

What a horrid mess, must of been quite a few vexed kiddies that day! School fights up to an all time high  :o

Seriously facebook sort yourseves out!

I dont use the facebook chat, I rarely jump on facebook... I admit in my previous role I was a Facebook addict, lucky for me its banned where I work, i think thats a good thing, from a security standpoint and also to prevent reviving my addiction for facebook, which I can proudly say I am down to logging on about once every two days  8)
You Cant Resolve Problems Whilst At WAR!
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Mon May 10, 2010 8:03 am

Re: Facebook vulnerability allows to view friends' live chat

I never use facebook except for sending occasional PMs to some old friends. Don't have any pics uploaded or any applications installed.

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software