A recent study by cyber-security firm Imperva revealed a serious flaw in Facebook that allowed anyone to see users' activity, including likes, posts, and friends lists. The team of researchers found a bug in Facebook's search feature that allowed attackers to extract user data quietly, without the users' knowledge.
Ron Masas, a security researcher at the firm, discovered that the search feature was vulnerable to cross-site request forgery (CSRF) attacks, which take advantage of the user's data to carry out unwanted actions in the browser. In this case, the user visits a malicious website in Google Chrome while already logged in to Facebook.
During that step, attackers could access data such as who your friends are, what you have liked, and what interests your friends. By manipulating search queries, it was possible to craft queries that reflect personal information about the user. For example, attackers could check whether the user has a photo in a particular country, or whether the user's posts contain a particular word or phrase.
Facebook confirmed that the flaw may also affect other websites. A Facebook spokesperson told the American outlet The Verge: "We appreciate such efforts for the rewards program. We fixed this problem in the search page and did not find any abuse."
The company added: "Because the underlying behavior is not specific to Facebook, we have provided our recommendations to the relevant parties to encourage them to take steps to prevent this kind of problem in other web applications."