Wednesday, January 26, 2011

Security Holes In Facebook

Do you know that anyone can update your Facebook status!!!!
Anyone can upload worms on Facebook!!!!
Not just you, even your friends are not safe!!!

Yes, it's true.
Following are some security holes in Facebook:

1. Profile Access
If you have activated Facebook Mobile, your account is in danger. The thing is, when updating your status or issuing any such command via phone, Facebook does not ask for your password. So all one has to do is send a message to Facebook such that it appears to have been sent from your number. This trick is called spoof messaging, and there are a lot of sites providing this service. One such site is http://www.smsglobal.com/ . They provide 25 free messages.
Using this hole, anyone can:
  • Update your status
  • Message
  • Get Profile Information of your friends
  • Get cell phone number of your friends
  • Wall post
  • Poke
  • Add your friend
  • Write a note
  • Comment on your status
To do all this one just needs the cellphone number you registered on Facebook!!!

How to be safe: Do not activate Facebook Mobile.
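The root of this hole is that the sender number of an SMS is relayed data, not proof that the account holder sent it. As an added illustration (this is not Facebook's code and does not claim to describe what Facebook did; the numbers, names and in-memory tables are constructed for the demo), here is a command handler that trusts the caller ID next to one that only acts on a reply to a one-time code delivered to the registered handset. Someone who can forge the sender but cannot read messages arriving at that number never learns the code.

```python
"""Why the SMS sender number is not an authenticator, and a handler that
requires a reply to a one-time code delivered to the registered handset."""
import hmac
import secrets
import time

# Constructed directory of registered numbers (hypothetical data).
REGISTERED = {"+15551230000": "alice"}
# Pending one-time codes: number -> (code, expiry in epoch seconds).
PENDING = {}
CODE_TTL_SECONDS = 300


def _now(now):
    return now if now is not None else time.time()


def handle_sms_trusting_caller_id(sender, body):
    """Weak pattern: the 'from' number is data the carrier relays, not proof
    that the account holder sent the message, so a forged sender is enough."""
    user = REGISTERED.get(sender)
    if user is None:
        return None
    return {"user": user, "status": body}


def issue_challenge(sender, now=None):
    """First leg: generate a one-time code and send it *to* the registered
    number.  It is returned here only so the demo can play the handset's role;
    a real gateway would deliver it out of band and never echo it."""
    if sender not in REGISTERED:
        return None
    code = f"{secrets.randbelow(10 ** 6):06d}"
    PENDING[sender] = (code, _now(now) + CODE_TTL_SECONDS)
    return code


def handle_sms_with_challenge(sender, body, code, now=None):
    """Second leg: apply the command only with an unexpired, unused code
    presented by the number that was challenged."""
    user = REGISTERED.get(sender)
    pending = PENDING.get(sender)
    if user is None or pending is None:
        return None
    expected, expiry = pending
    if _now(now) > expiry:
        PENDING.pop(sender, None)
        return None
    if not hmac.compare_digest(expected, code):
        return None
    PENDING.pop(sender, None)  # single use
    return {"user": user, "status": body}
```

The challenge step turns "knows the victim's number" into "holds the victim's phone", which is the property the weak handler was silently assuming.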


2. Accessing Deleted Images
If you think that once you delete a photo it will no longer be visible to others, you are wrong.
Once you delete an image, only its link is deleted, not the image itself... So anyone who has the link can still access a deleted image. So be careful with what you upload!!
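Two things fix this on the serving side: the object itself must be removed on delete, and a saved link should stop working on its own after a while. As an added example (not Facebook's code; the signing key, the object store and the cdn hostname are constructed for the demo), here is a media endpoint that only serves signed, expiring URLs and whose delete removes the bytes rather than just the link.

```python
"""Serve photos only through signed, expiring URLs, and delete the object
itself (not just the link) so a saved URL stops working."""
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlparse

SIGNING_KEY = b"constructed-signing-key"  # hypothetical server secret
# Constructed in-memory object store: key -> image bytes.
STORE = {"photos/42.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes"}
URL_TTL_SECONDS = 600


def _now(now):
    return now if now is not None else time.time()


def _sig(object_key, expires_at):
    # The signature binds the object key to its expiry so neither can be edited.
    msg = f"{object_key}|{expires_at}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_url(object_key, now=None):
    """Issue a link that is valid for URL_TTL_SECONDS from now."""
    expires_at = int(_now(now)) + URL_TTL_SECONDS
    return (f"https://cdn.example.invalid/{object_key}"
            f"?exp={expires_at}&sig={_sig(object_key, expires_at)}")


def serve(url, now=None):
    """Return image bytes, or None if the URL is forged, expired, or the
    object has been deleted."""
    parsed = urlparse(url)
    object_key = parsed.path.lstrip("/")
    qs = parse_qs(parsed.query)
    try:
        expires_at = int(qs["exp"][0])
        sig = qs["sig"][0]
    except (KeyError, ValueError):
        return None
    if not hmac.compare_digest(sig, _sig(object_key, expires_at)):
        return None
    if _now(now) > expires_at:
        return None
    return STORE.get(object_key)  # None once the object itself is gone


def delete_photo(object_key):
    """Delete the bytes, not only the reference to them."""
    STORE.pop(object_key, None)
```

With this layout a copied link dies at its expiry, and an unexpired link dies the moment the owner deletes the photo, because there is nothing left behind it to serve.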

3. Facebook is vulnerable to Worms
Facebook can be infected with worms by creating an application. The recent rotating images worm proves it. It posted status messages automatically, looking something like this:
Hi Friends see Face-book images rotate 360* see here >> http://SHADYCLOUDS.TK/
Really cool Facebook revolving images. MUST SEE http://rotatingimage2.tk/ .
Some are calling it a "social XSS" attack, i.e. a script from a friend tempts you to run the same script from the address bar. Any such script runs as if it were hosted on facebook.com and can do everything the logged-in user can do (unless Facebook detects and catches the malicious automated action).
How to be safe: Do not allow access to any application unless you completely trust it.
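The parenthetical above, "unless Facebook detects and catches malicious automated action", is the server-side defence, and the worm's own pattern (one account spraying the same link onto many friends' walls within seconds) is what such detection keys on. As an added example (not Facebook's code; the log format, field names and the sample lines are constructed, with the worm's message text taken from the post), here is a detector that flags an account once it posts the same URL to several distinct targets inside a short window.

```python
"""Flag worm-like posting: one account pushing the same link to many
friends' walls within a short window."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. Format and field names are hypothetical:
#   <ISO time> user=<id> action=<name> target=<id> text=<free text>
LOG = [
    "2011-01-26T10:00:00 user=u1 action=wall_post target=u2 text=hey how are you",
    "2011-01-26T10:05:00 user=u1 action=wall_post target=u3 text=see you at 6",
] + [
    f"2011-01-26T10:00:{5 + i:02d} user=u7 action=wall_post target=u{100 + i} "
    "text=Really cool Facebook revolving images. MUST SEE http://rotatingimage2.tk/"
    for i in range(12)
]

LINE_RE = re.compile(r"^(\S+) user=(\S+) action=(\S+) target=(\S+) text=(.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse(line):
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, user, action, target, text = m.groups()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "action": action, "target": target, "text": text}


def detect_link_spray(lines, window_seconds=60, max_targets=5):
    """Return {user: details} for accounts that posted the same URL to at least
    max_targets distinct targets within window_seconds."""
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e["ts"])
    recent = defaultdict(deque)  # (user, url) -> deque of (ts, target) in window
    flagged = {}
    for ev in events:
        for url in URL_RE.findall(ev["text"]):
            key = (ev["user"], url.lower())
            q = recent[key]
            q.append((ev["ts"], ev["target"]))
            # Drop entries that fell out of the sliding window.
            while (ev["ts"] - q[0][0]).total_seconds() > window_seconds:
                q.popleft()
            targets = {t for _, t in q}
            if len(targets) >= max_targets and ev["user"] not in flagged:
                flagged[ev["user"]] = {"url": url, "targets": len(targets),
                                       "at": ev["ts"].isoformat()}
    return flagged
```

A flagged account is a candidate for throttling or a re-authentication prompt, not proof of compromise; the thresholds are the knobs a real deployment would tune against its own baseline of how fast humans actually post.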

Note: I do not intend to cause damage to the social image of Facebook in any form. This tutorial is for educational purposes only. I am not responsible for misuse of the information posted in any form.