Vulnerability in Facebook could have exposed personal user data
15 November, 2018, 21:01 | Author: Sammy Rose
Imperva security researcher Masas says in the announcement, "Having reported the vulnerability to Facebook under their responsible disclosure program in May 2018, we worked with the Facebook Security Team to mitigate regressions and ensure that the issue was thoroughly resolved".
"A unique feature of the uncovered bug is the exploitation of the iframe element within Facebook's search feature", Masas told SiliconANGLE Tuesday. Masas found that Facebook search results were not sufficiently protected from cross-site request forgery (CSRF) attacks, meaning bad actors could have used an iframe to extract data from a logged-in Facebook profile in another tab.
Ankush Johar, Director at Infosec Ventures, explained, "Although CSRF flaws have a big prerequisite to work, that the user must be logged in to the website while he/she visits the infected page, what makes the Facebook vulnerability risky is that, unlike other websites, most of the users are always logged into Facebook in their browsers, thus putting everyone at massive risk". For example, the exploit could see if a user liked a certain page.
Attackers could have run queries with certain graph searches, such as to find out whether you liked a page, if you took photos at a certain location or if you or your friends used specific keywords in your posts.
Masas warned that though a CSRF attack is not a common technique, it could rise in popularity next year.
Masas added that the vulnerability was especially unsafe for mobile phone users, who may not even notice a new browser tab opening when the attack takes place.
Even if these search queries didn't expose fine-grained details, they did expose second-hand information that, when pieced together, could reveal the identity of a user and his circle of friends.
Imperva, a cybersecurity company, discovered the flaw and disclosed it to Facebook in May. "As the underlying behavior is not specific to Facebook, we've made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications".
News of the bug comes amid increased scrutiny for Facebook following a string of data privacy scandals.