- Facebook Privacy Fail: Where is Your Friends Data Going? SecuObs - L'observatoire de la sécurite internet - Site d'informations professionnelles francophone sur la sécurité informatique

Facebook Privacy Fail: Where is Your Friends Data Going?

Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

S'abonner au fil RSS global de la revue de presse

Facebook Privacy Fail: Where is Your Friends Data Going?

Par Security for the Masses
Le [2009-06-10] à 22:31:52

Présentation : Nice write ups on Facebook applications and the flow of data that occurs within and without them, including sending your session to be used by a third party. Here is an excerpt: "The third bit (red) is the amazing part-all of my session parameters were sent to the ad server as well. Because I authorised the application, these parameters are a capability to query Facebook for my data and my friends? data. Sure enough, the ad server then went on to query Facebook?s databases on my behalf! From its iframe, the ad-server?s JavaScript sends queries to Facebook with the application?s session parameters. The results are then sent back to the ad-server. You can watch all of this happen using a packet sniffer in real-time and it?s quite amazing. There?s a great writeup from a week ago by another security researcher investigating these matters with some example queries the ad server?s JavaScript is making, requesting thinks like the set of all friends who live in the same city, are single, and share interests with me. This is all in direct violation of Facebook?s Terms of Service and Platform Guidelines, which clearly prohibit using user data for anything but the application it was given for as well as transferring session parameters to a third party." Original article here. Another site referenced, Social Hacking[]

Les mots clés de la revue de presse pour cet article : facebook privacy
Les éléments de la revue Twitter pour les mots clé : facebook privacy

Lire l'article complet sur le site d'origine

S'abonner au fil RSS Secuobs pour le site "Security for the Masses"
Voir tous les articles du site "Security for the Masses"

Les derniers articles du site "Security for the Masses" :

- LulzSec Next Op Sownage
- LulzSec Laughing at your security since 2011
- Black History Canada Website Being Probed
- 50 Cpanels Hacked. Is Your Website Here
- Tor Developers Worked for Navy, NSA
- DoD Memo on PKI
- Ozeki.hu Hacked and Exposed
- Latest Prices for EU CC - Stolen of Course
- Hackers Want Help Hacking Your Web Site...
- Latest from US-CERT

Voir tous les articles du site "Security for the Masses"

S'abonner au fil RSS global de la revue de presse

Menu > Articles de la revue de presse : - l'ensemble [tous | francophone] - par mots clé [tous] - par site [tous] - le tagwall [voir] - Top bi-hebdo de la revue de presse [Voir]

Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.191.75.173 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.191.75.173 to any 80"
- Nous contacter par mail

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre + de mots clés avec l'annuaire des articles publiés sur SecuObs

Mini-Tagwall de l'annuaire video :

curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter