WiredWX Hobby Weather ToolsLog in

 


descriptionFacebook Bug Could Give Spammers Names And Photos EmptyFacebook Bug Could Give Spammers Names And Photos

more_horiz
Facebook is scrambling to fix a bug in its website that could be misused by spammers to harvest user names and photographs.

It turns out that if someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special "Please re-enter your password" page, which includes the Facebook photo and full name of the person associated with the address.

The feature helps people understand if they've mistyped their e-mail address at login, but it could be misused by spammers to get information on Facebook's 500 million users.

A spammer with an e-mail list could write a script that enters the e-mail addresses into Facebook and then logs the real names. This could help make a phishing attack more realistic, said Atul Agarwal, the researcher who posted a note about the issue (along with a sample script that could harvest names) to the Full Disclosure mailing list on Tuesday.

More: http://www.pcworld.com/article/203112/

descriptionFacebook Bug Could Give Spammers Names And Photos EmptyFacebook APIs have the same issue

more_horiz
Although facebook has fixed this bug, the same information is also exposed through the Facebook APIs. Do take a look at http://t.wits.sg/2010/08/14/attack-of-the-facebook-harvesters/ for a proof of concept where 40 Facebook employees' emails, profile pictures, names are exposed. This includes Mark Zuckerberg, Sheryl Sandberg etc.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum