[LINK] Facebook Bug Lets Hackers Delete Friends

community at thoughtmaybe.com community at thoughtmaybe.com
Tue May 25 00:27:25 AEST 2010


"There's lot of talk about Facebook and privacy at the moment, but a bug in Facebook's website lets hackers delete Facebook friends without permission. Steven Abbagnaro, a student from Marist College in Poughkeepsie, New York reported the flaw, writing proof-of-concept code that scrapes publicly available data from users' Facebook pages and deletes all of their friends, one by one. The victim first has to click on a malicious link while logged into Facebook. Abbagnaro's code exploits the same underlying flaw that was first reported by Alert Logic security analyst, M.J. Keith, who discovered a cross-site request forgery bug, where the website doesn't properly check code sent by users' browsers to ensure that they were authorized to make changes on the site."


http://www.computerworld.com/s/article/9177113/Hackers_can_delete_Facebook_friends_thanks_to_flaw

http://www.alertlogic.com/enterprise/blogs/32


More information about the Link mailing list