Monday, September 7, 2009

Month of Facebook Flaws

Picking up the mantle of H.D. Moore's "Month of..." targeted vulnerability reporting, a security researcher has vowed to spend the month of September 2009 disclosing a series of cross-site scripting vulnerabilities affecting various Facebook applications.

Hold on to your hats, boys and girls.

theharmonyguy plans to give Facebook web developers 24 hours' notice before publicly disclosing the flaws. If you're smart, you'll buy some stock in Code Red and pizza delivery, because there are some coders who will be spending some late nights recompiling and testing their web apps over the next couple of weeks.

There have already been a couple of applications called out for their weaknesses - FarmVille for one. If you're using it, you're at risk until it's fixed.

Link to full article on The Register

Image by pshab via flickr

