Another Facebook vulnerability found

As we explain the security structure of Facebook, it is not rare to phrase negative aspects of Facebook security. The latest news on Facebook security is about  a vulnerability included in Facebook mainframe. This vulnerability enables users to sen malicious software to their victim friends.

This is how the vulnerability came to being. Normally when you try to send a file with .exe extension you receive a system error and you can not send this message. However if you make a little change in the contents of the message (a change on the POST inquiry), it is reported that the enforced controlled mechanism can be by passed through this change. You do not need to be friends on Facebook to send a message to them. This way any attacker can lure their victim through social media tactics to run the .exe file.

Nathan Power working for a security consulting company CDW, has recently warned Facebook authorities on the issue. As Power wrote the details of the incidence on his blog, he commented that authorities have acknowledged the issue however, it might take a while for them to make a fix for the issue.By then do not accept messages with .exe extensions on Facebook.

Advertisements

One thought on “Another Facebook vulnerability found

Comments are closed.