Sunday, March 6, 2011

Facebook New Vulnerability found and explained

A new Facebook bug has been revealed.

Let's first discuss what it is.

Look at these pictures:



Well, as you can see, those two are prominent personalities in this cyber world. Hate them or love them, my post is for awareness.

Facebook has introduced a new feature called groups.
Here is a picture, in case you don't know what groups are:

On the left side of my post you can see the black marks; those are the groups I have joined on Facebook or been invited to.

So what's with it? How am I hacked with them?

Yes, I'm coming to the point.

The main point here is that you don't need to join a group: they can invite you, and you are automatically added to the group.
This is one of the bugs in Facebook.

The second main point is that every group has a unique email address at the top (click on any group and you can see the group's email address at the top).


OK, I have seen that. Why are you discussing all these terms? I know all these things!!

Well, coming to the point: Facebook has a bug that updates the group's posts when you send a message to the group's email address.

Confused?

Here is the image:






I hope you can understand the point I'm making!!


Anyone can spoof your email address, and when an email sent to the group's email address appears to come from you, the post will be posted on your wall, where your friends can see it.

An attacker can write anything, like "your profile has been hacked", etc. He can even abuse you, which damages your reputation.

Well, this doesn't mean your password got compromised; it's only your email address (not your password) that got compromised.
If the attacker has the email ID you use to sign in to Facebook, and you have joined some groups, then the attacker can write fake information about you and post it in that group, where it would be seen by all of your friends.

So what's the remedy for this?
Well, hide your email address for now, change the email address you sign in with, and don't ever tell that email address to any of your friends or enemies.
Will Facebook do anything? What can Facebook do?

Well, Facebook should first validate the authenticity of the email received (it's easy).
Facebook is introducing new features but forgetting one thing: the bigger it is, the more vulnerabilities it will have.
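
One way a post-by-email gateway could validate the sender before publishing, as an added example that is not part of the original post and not Facebook's code. It assumes the receiving mail server records SPF/DKIM results in an Authentication-Results header and strips any inbound header carrying its own ID; the host names and the helper functions are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.groups.example"  # assumption: authserv-id of our own border MTA

def authenticated_sender(raw):
    """Return the From address only if our MTA authenticated its domain, else None."""
    msg = message_from_string(raw)
    from_headers = msg.get_all("From", [])
    if len(from_headers) != 1:              # missing or repeated From is ambiguous
        return None
    addr = parseaddr(from_headers[0])[1].lower()
    local, _, from_domain = addr.rpartition("@")
    if not local or not from_domain:
        return None
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue                        # not stamped by us; the sender may have added it
        for clause in results.split(";"):
            method = re.match(r"\s*(dkim|spf)\s*=\s*pass\b", clause, re.I)
            if not method:
                continue
            prop = "header.d" if method.group(1).lower() == "dkim" else "smtp.mailfrom"
            value = re.search(re.escape(prop) + r"\s*=\s*([^\s;]+)", clause, re.I)
            # Strict alignment: the authenticated domain must equal the From domain.
            if value and value.group(1).lower().split("@")[-1] == from_domain:
                return addr
    return None

def accept_group_post(raw, member_emails):
    """Publish only when the authenticated sender is a member of the group."""
    sender = authenticated_sender(raw)
    return sender is not None and sender in member_emails

MEMBERS = {"victim@example.org"}  # constructed sample data below, not real traffic
BODY = "To: group@groups.example\nSubject: hi\n\nmy profile has been hacked\n"
SPOOFED = ("Authentication-Results: mx.groups.example; dkim=none;\n"
           " spf=pass smtp.mailfrom=bounce@mailer.example\n"
           "From: victim@example.org\n" + BODY)
FORGED_AR = ("Authentication-Results: mx.groups.example; dkim=none; spf=none\n"
             "Authentication-Results: mail.attacker.example; dkim=pass header.d=example.org\n"
             "From: victim@example.org\n" + BODY)
GENUINE = ("Authentication-Results: mx.groups.example;\n"
           " dkim=pass header.d=example.org; spf=pass smtp.mailfrom=victim@example.org\n"
           "From: victim@example.org\n" + BODY)

if __name__ == "__main__":
    print([accept_group_post(m, MEMBERS) for m in (SPOOFED, FORGED_AR, GENUINE)])
```

The first sample is rejected even though SPF passed, because the pass applies to the envelope domain and not to the address shown in From.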
Got any questions? Ask me here :)

Signed
Subhash Dasyam

9 comments for "Facebook New Vulnerability found and explained"

  1. good work :)

    thanks for the disclosure

  2. Hey bro... Which email spoofing site did you use??

  3. Well, that doesn't matter; you can use anything, any site you want, a simple PHP script :)

  4. Nice i know that guy who said that the other guy is testing. Check out ma blog => learn-security-auditing.blogspot.com

    I AM NOT ADVERTISING !

    Thanks for the flaw :->

  5. nice :)
    Hacked SV... as in, a demo on their own profile, c00l :))

  6. Well, this is very interesting indeed. Would love to read a little more of this. Good post. Thanks for the heads-up.
