Facebook and privacy: they seem contradictory at times, yet Facebook is used by about 500 million users for stuff that they might want to keep a bit private in the end. According to Symantec and El Reg, there is a problem that allowed apps to leak access tokens that remain valid. Apparently there are 100,000 apps that leak these tokens, and they might sit in the log files of e.g. advertisers, waiting to be abused. The good news is that we can do something to invalidate the access tokens: change our password! So for those not knowing where to change the Facebook password: it's in the upper right, in the "account" menu: choose "Account Settings" and then the 4th change is for the password. Facebook, to their credit, seems to have reacted as well and is going to move away from the older access tokens.
Swa 760 Posts May 10th 2011
Your password was not exposed by the tokens.
What is.. or was exposed is your profile, likes, favorites, events, friends, pages and pictures. The biggest risk is that an app could post a like for something you didn't like.. and since likes can go outside of Facebook and execute just about anything this opens you up to an attack via a redirect. There are STILL 100,000 apps that use the old authentication methods and these apps CAN cause havoc. I personally do not run any app on FB just because they are what they seem to be... APPS that RUN that may have been created by ADVERTISING CRIME LORDS! Be safe, Al
Al of Your Data Center 80 Posts
May 11th 2011
The reason for changing your password is that Facebook invalidates all access tokens to an account when you change your password, even those with theoretically infinite duration.
Al of Your Data Center 1 Posts
May 11th 2011