Add to del.icio.us     Digg this

September 21, 2009

A new security hole has been discovered with cross-site scripting vulnerabilities involving Facebook applications. The new security flaw is a type that might be used to distribute Trojan horse malware or launch various, similar hacking attacks.

Now various Internet security experts have turned their attention to the social networking site, discovering a new series of flaws in the Facebook applications. Screenshots have been posted on the Web illustrating the security holes identified in five apps developed by Newscloud, alongside an advisory that explains the possible ramifications of the scripting vulnerabilities.

All 5 Facebook applications were developed by Jeff Reifman, a former project engineer at Microsoft who works for Newscloud. Reifman said he wasn't targeting Newscloud in particular, but rather simply illustrating a more general problem with Facebook's apps security.

A variety of attacks are still possible, including uploading PHP shells, redirects or infecting Web pages with "Trojan droppers".

Since then, Newscloud has blocked access to the affected apps but the company has yet to respond to various requests for comment it has received on the specific security problems reported.

The publication on the Web of this advisory comes at the same time as the ongoing Month of Facebook Bugs project, which also aims to highlight the security shortcoming of the social networking site.

It will be interesting to see if other and similar security flaws are discovered in the next few weeks, and also if other sites such as YouTube or LinkedIn might be the next targets.

Social sites are still growing in popularity and many (such as LinkedIn) are still using them in an effort to try to get new business contacts, but there's no question that security will have to be improved and fast, if more and more business people are to use them as part of their daily work.

Add to del.icio.us     Digg this

Source: IASN.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.