Feb 03 2011
David Neal reports:

Facebook has fixed a security problem that allowed malicious web sites to access personal user information without explicit permission.

The flaw was brought to the attention of security firm Sophos by student researchers Rui Wang and Zhou Li.

Graham Cluley, senior technology consultant at Sophos, said that the security lapse could let malware spread between users, taking personal data as it goes by impersonating a legitimate site that already has the permission to take information.

“According to Wang and Li, it was possible for any web site to impersonate other sites which had been authorised to access user data, such as name, gender and date of birth,” he said.

“Furthermore, the researchers found a way to publish content on the visiting users’ Facebook walls under the guise of legitimate web sites, a potential way to spread malware and phishing attacks.”

