[now fixed] Facebook refuses to fix obvious security flaw

[UPDATE: Facebook has reversed itself and fixed this vulnerability]

ZDNet.com reports:

The Register’s Dan Goodin has the scoop on an obvious security vulnerability that’s being ignored by the powers at Facebook.

The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user’s session identification cookies, deliver pop-up messages or change the color of Facebook pages.

The ugly truth: Satan, social networks and security

This is mostly a geek-read, so let me sum it up for you. The more apps you add to Facebook and MySpace, the less safe you are. Don’t add people you don’t know well (ouch, log in my own eye) and use unique passwords for each account. This or this may help.

“A quick (and very much incomplete) hall of shame here includes MySpace, LiveJournal, and Hi5, all of which we’re surprised haven’t sunk into the East Bay under the weight of their own pwnability.”
