Saturday , March 6 2021

We will not succeed on Facebook's existing profile information to the thieves


Mark Zuckerberg's presentation on data privacy at F8.

James Martin / CNET

Your "likes" Facebook, like your friends, are vulnerable to the fact that the social network has been set on recent dates.

Vulnerability uses standard attacks (CSRFs), which make the pages execute tasks they do not need, along with access to the account that is already logged in. The security flaw is linked to Facebook's Google Chrome browser, which accounts for more than 60 percent of the browsers used to access the Internet. Google immediately responded to a comment request.

Imperva, a cyber security company, revealed vulnerabilities and revealed it on Facebook in May. The social network also did not respond to a comment request.

In order to carry out an attack on the job, a potential hacker should be encouraged by someone logged in to Facebook to open a malicious site that Imperva researchers created during the analysis.

When a person clicks on any site, the vulnerability would use iFrames, a code used to insert content on pages, such as YouTube videos, to open a new tab on the Facebook search page.

From there, the attacker was able to create a search to find personal information: to see your friends, which pages you liked and which pages your friends liked.

Impersonal security researcher Ron Neuss said that you can make more accurate searches as if you would like to connect with your friends based on their location, name, religion, or any combination.

Masses were also able to search for publications that included specific users who clicked, or user friends. Even if your privacy settings were changed so that only your friends can see your "likes", this vulnerability will prevent it, he added.

"This allowed information to cross the domains, which means that if the user visits a specific website, the attacker can open Facebook and collect information about the user and their friends," he said in a statement.

You can see how the attack will work on the following video:

Such data is extremely valuable to external companies as evidenced scandal around Cambridge Analytica in March.

Now an uncertain United Kingdom data analysis company has gained information, including the likes and friends of me, from the 87 million Facebook account, without user permission. The company then used this information to create user profiles that could be used for political advertising.

Then in September, Facebook noticed that hackers had theft of personal information from 29 million people who used vulnerabilities in their "See Like" function. Facebook refused to comment on what was behind the hack, as the FBI still investigated it, but the Wall Street Journal reported that it was probably a spammer who became a digital marketing agency.

To read: How to delete your Facebook account forever

Source link