From Mike Hitchen Online Let's Hear You! presents selected news and information from non profit organizations and individuals promoting community or rights oriented issues.
Thought Your Facebook Friends List was Private? Think Again!
PARIS, Nov. 22, 2013 /PRNewswire/ -- Researchers from the Quotium Seeker Research Center
identified a security flaw in Facebook privacy controls. The
vulnerability allows attackers to see the friends list of any user on
Facebook. This attack is carried out by abusing the 'People You May
Know' mechanism on Facebook, which is the mechanism by which Facebook
suggests new friends to users.
attacks being on the rise, Facebook is often targeted by hackers for
the information it possesses. Users rely on Facebook to maintain their
privacy to the best of Facebook's ability.
responded that: "If you don't have friends on Facebook and send a
friend request to someone who's chosen to hide their complete friend
list from their timeline, you may see some friend suggestions that are
also friends of theirs. But you have no way of knowing if the
suggestions you see represent someone's complete friend list." However,
research of this issue has shown that most of the friends list, often
hundreds of friends, is available to the attacker. In any case, even a
partial friends list is a violation of user-chosen privacy controls.
this vulnerability renders the privacy control to hide friends lists
from other users irrelevant, we hope Facebook will change its mind and
this flaw will be addressed.
Irene Abezgauz, VP Product Management at Quotium and Seeker Research Center leader, is credited with the discovery of this vulnerability.
Technologies is a specialist in the development of innovative software
solutions to guarantee the security and performance of business critical
applications throughout their lifecycle. Quotium is an Interactive
Application Security Testing (IAST) pioneer with its application
security testing software Seeker.