Sunday, September 7, 2008

Facebook - Are you being exploited?

Raise your hand if you have an account on Facebook, Myspace, or any other social networking service? That's what I thought. Just about everyone. And, if you're anything like me and my group of friends then you have tons of nifty little applications on your profile. But are you really safe?

A group of computer researchers have developed an application for Facebook that will allow them to exploit any user who installs the application, without the users knowledge. The idea behind the exploit is to show a security flaw in social networks that could allow hackers to control the users of the social networks and utilize their computers for their own ends.

The researchers' application was the photo of the day application supposedly from National Geographic. Basically, once a use installed the application, they would be able to a daily picture from National Geographic - and they downloaded 3 pictures from another website without knowing about it.

The idea behind this particular attack (targeted at the researchers own servers) was to get as many people into the application as possible, and then flood the website that was being downloaded from. This is a very basic attack used for demonstration purposes, but if utilized by a malicious hacker, it could be much worse. And whats more, once the application was installed, the user was forced into the attack again every time they logged on - without their knowledge of course.

So the next time you find a nice little third party Facebook application, just remember that you could be getting recruited into a h4x07z cyber army... dun dun dunnnnn...

view the original Wired article.

1 comment:

Zaelore said...

Surprising to see a non identity/personal information attack on facebook, this just shows that facebook apps are as flawed as desktop apps.