Facebook security snafu could compromise accounts
Cross site-scripting flaws becoming a favored vector for hackers
IDG News Service - A researcher has spotted a security problem in Facebook that could lead to hackers taking control of user accounts.
The flaw allows a hacker to execute scripts on Facebook that could potentially be used to create a fake log-in page and capture users' passwords, according to the XSSED security blog. The discovery is credited to "Mox."
"Malicious people can exploit this issue to execute script code in the context of Facebook or obtain sensitive information from its users, such [as] clear text authentication credentials with a fake log-in form," according to the blog post, written by Dimitris Pagkalos.
A cross-site scripting vulnerability can let an attacker display data from another Web site or run malicious code, which can compromise user data on the targeted Web site.
Cross-site scripting flaws are increasingly becoming one of the favored vectors for hackers, and security experts have warned that a vast number of Web sites potentially contain the vulnerability. In 2006, the Web Application Security Consortium surveyed 31,373 sites and found that more than 85% were vulnerable to cross-site scripting attacks.
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Why You Need a Next-Generation Firewall This white paper explores the reasons for implementing next-generation (NG) firewalls and lays out a path to success for overburdened IT organizations.
- Path Selection Infographic Path Selection Infographic
- Hyperconvergence Infographic A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users? All Malware and Vulnerabilities White Papers | Webcasts