Jump to content

Another Facebook Bug Could Have Exposed Your Private Information

Pogba65

By Pogba65
in General Chat

 Share

Recommended Posts

Pogba65

Pogba65

Posted
Posted

Discovered by cybersecurity researchers from Imperva, the vulnerability resides in the way Facebook search feature displays results for entered queries. According to Imperva researcher Ron Masas, the page that displays search results includes iFrame elements associated with each outcome, where the endpoint URLs of those iFrames did not have any protection mechanisms in place to protect against cross-site request forgery (CSRF) attacks.

Source: https://thehackernews.com/2018/11/facebook-vulnerability-hack.html

"This Security Vulnerability is not that big, but little things like that can make a big impact on big websites like Facebook." 

Link to post
Share on other sites
Pogba65

Pogba65

Posted
  • Author
Posted
56 minutes ago, Firefox said:

Thanks for the info...

The way I sort of feel about this....

If you put your information out there on the internet... it really is no longer private... ;)

Agree, But there are some information Facebook does have of users activity, which Users did not update on the internet by them self, They are gathered by third party apps and from there devices. 

Link to post
Share on other sites
exile360

exile360

Posted
Posted (edited)
8 hours ago, Pogba65 said:

Agree, But there are some information Facebook does have of users activity, which Users did not update on the internet by them self, They are gathered by third party apps and from there devices. 

That's why people need to be much pickier about the sites they choose to visit and also consider blocking content and applications like those often embedded in third party websites by the likes of Facebook and Twitter (I do; no content from those sites reaches my system, including the embedded trackers and buttons they place on so many sites these days, and the same goes for the likes of Microsoft and Google).

Of course, if someone tried to use Facebook or Twitter on my system, they would find that they couldn't because those domains are blocked.  I don't use them and don't allow those sites to be connected to by my system at all.  Perhaps I'm being overly restrictive or paranoid, but if I don't share any information with them, there's nothing for them to know or share about me.

Edited by exile360
Link to post
Share on other sites
Pogba65

Pogba65

Posted
  • Author
Posted
5 hours ago, exile360 said:

That's why people need to be much pickier about the sites they choose to visit and also consider blocking content and applications like those often embedded in third party websites by the likes of Facebook and Twitter (I do; no content from those sites reaches my system, including the embedded trackers and buttons they place on so many sites these days, and the same goes for the likes of Microsoft and Google).

Of course, if someone tried to use Facebook or Twitter on my system, they would find that they couldn't because those domains are blocked.  I don't use them and don't allow those sites to be connected to by my system at all.  Perhaps I'm being overly restrictive or paranoid, but if I don't share any information with them, there's nothing for them to know or share about me.

That's great; Security comes first. But there are many users out there unlike you, Who don't have that much knowledge about tracking and online security that's why they did not take care about picking a website, and they use all platforms on the internet without even thinking about there information security. I believe there is still a need to increase the awareness about these things. 

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Yes, that's very true.  That's why tools and apps like CCleaner, Ghostery, Disconnect, Adblock Plus, uBlock Origin, hpHosts (and other security/ad blocking/privacy HOSTS files etc.), Spywareblaster, Spybot Search & Destroy and even the new Malwarebytes browser extension beta exist and have become so popular because as big data becomes such a big deal, and as employers as well as friends and acquaintances begin to investigate friends as well as existing and potential employees through Google and social media, and as things like data breaches continue to make headlines and reports on major news outlets and as things like identity theft and dark web info dumps and sales become regular occurrences and topics of discussion, people become more concerned about their security and privacy.

It's very much like in the past, where hardly anyone knew who companies like Malwarebytes even were, until rogue/fake AVs and PUPs became more common than computer viruses and other more destructive forms of malware as things shifted towards financial gain as the ultimate goal of the threats attacking computing devices, that people became aware of Malwarebytes and others specializing in these areas of protection and remediation to the point where now they have become a multi-million dollar company and are widely known by a large portion of the general public.

I think privacy is very much the same, and as people are made more aware of it through these events and trends, and as Microsoft, Google and social platforms like Facebook and Twitter continue to get attention (both positive and negative) for their privacy and data handling practices, that people will seek options to protect themselves and their data, assuming they are concerned at all about privacy (many people frankly don't care that they're being monitored and tracked everywhere they go on the net, unfortunately, even though they're fully aware of it).  I mean that's the entire reason GDPR happened, right?  Because of widespread public awareness and privacy concerns.  So I think that as more of our lives and actions are experienced online, the more people will be alert to the idea that they are exposing themselves in ways and to organizations and individuals beyond scope and that those who seek to retain some measure of privacy will gather and use tools necessary to protect that privacy.

Link to post
Share on other sites
Pogba65

Pogba65

Posted
  • Author
Posted
On 11/17/2018 at 12:41 PM, exile360 said:

Yes, that's very true.  That's why tools and apps like CCleaner, Ghostery, Disconnect, Adblock Plus, uBlock Origin, hpHosts (and other security/ad blocking/privacy HOSTS files etc.), Spywareblaster, Spybot Search & Destroy and even the new Malwarebytes browser extension beta exist and have become so popular because as big data becomes such a big deal, and as employers as well as friends and acquaintances begin to investigate friends as well as existing and potential employees through Google and social media, and as things like data breaches continue to make headlines and reports on major news outlets and as things like identity theft and dark web info dumps and sales become regular occurrences and topics of discussion, people become more concerned about their security and privacy.

It's very much like in the past, where hardly anyone knew who companies like Malwarebytes even were, until rogue/fake AVs and PUPs became more common than computer viruses and other more destructive forms of malware as things shifted towards financial gain as the ultimate goal of the threats attacking computing devices, that people became aware of Malwarebytes and others specializing in these areas of protection and remediation to the point where now they have become a multi-million dollar company and are widely known by a large portion of the general public.

I think privacy is very much the same, and as people are made more aware of it through these events and trends, and as Microsoft, Google and social platforms like Facebook and Twitter continue to get attention (both positive and negative) for their privacy and data handling practices, that people will seek options to protect themselves and their data, assuming they are concerned at all about privacy (many people frankly don't care that they're being monitored and tracked everywhere they go on the net, unfortunately, even though they're fully aware of it).  I mean that's the entire reason GDPR happened, right?  Because of widespread public awareness and privacy concerns.  So I think that as more of our lives and actions are experienced online, the more people will be alert to the idea that they are exposing themselves in ways and to organizations and individuals beyond scope and that those who seek to retain some measure of privacy will gather and use tools necessary to protect that privacy.

Agree, The Privacy Awareness will more increase with time. 

Link to post
Share on other sites
jadinolf

jadinolf

Posted
Posted
22 hours ago, exile360 said:

Hehe, I pretty much have no life.  Being social isn't a driving force in my life.  I spend most of my time alone and I'm quite content with that existence and have no desire to change it, but I'm definitely an outlier.

Plus One but I do have Fred to keep me company.

His picture is in my avatar.😀

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.