A customer of Sendible, an online marketing service for promoting and tracking brands through social media, e-mail and SMS messaging, has inadvertently discovered a flaw in the Facebook API.
Using Sendible's Facebook application, he tried to post messages on a few Facebook walls - as a fan - but the flaw apparently caused them to be posted as status messages from the owner of the pages.
Before the flaw could be patched, it was apparently also discovered by some users who decided to use it to propagate a malicious link that would supposedly allow the victims to change their Facebook background. This message appeared on a number of Facebook pages of brands and companies like Coca-Cola, Google, YouTube, South Park, The Daily Show and others.
More: http://www.net-security.org/secworld.php?id=10143