Picking up H.D. Moore's "Month of..." targeted vulnerability reporting mantle, a security researcher has vowed to spend the month of September 2009 disclosing a series of cross-site scripting vulnerabilities affecting various Facebook applications.
Hold on to your hats, boys and girls.
theharmonyguy plans to give Facebook web developers 24 hours' notice before publicly disclosing the flaws. If you're smart, you'll buy some stock in Code Red and pizza delivery, because there are some coders who will be spending some late nights recompiling and testing their web apps over the next couple of weeks.
There have already been a couple of applications called out for their weaknesses - FarmVille for one. If you're using it, you're at risk until it's fixed.
Link to full article on The Register