Facebook Still Insecure?

On the 31st of July I posted my thoughts on the problems Facebook were having during the course of the day. According to Facebook, the problems were isolated and were not the result of a security breach. The bug, which was fixed that day, caused some third-party proxy servers to cache otherwise inaccessible content.

With all the commotion, and with Facebook being down for a couple of hours on the 31st of July, people seem to have assumed that the security holes detailed by Adrienne Felt in this PDF document have been fixed.

Well, according to Adrienne, this is not the case. Adrienne posted a comment on my post saying that Facebook has not fixed the XSS hole or the underlying design problems that make the site insecure. She goes on to say that the site was temporarily sorta-fixed for two days but has since been taken down.

Adrienne has done the correct thing by censoring the document in which she details the attack. I feel, however, that this has reduced the true impact of the security hole. It is almost as if Facebook do not believe that they have a problem. I suppose they’ll need to learn the hard way, something similar to what MySpace went through a couple of years back.

Link to an interesting article on myadsl.co.za: Hackers steal information from Facebook and MySpace members


One Response to “Facebook Still Insecure?”

  1. First real stumble by Facebook « These are the days Says:

    […] Update: Is Facebook still insecure? […]
