Friday, October 28, 2011

Facebook acknowledges messaging vulnerability that allows sending of malicious files



http://ow.ly/7bXXW

An article by Matt Brian posted on the thenextweb.com website.

This article discusses a security researcher's article stating that Facebook's site can be exploited to allow third-party users to send malicious messages to Facebook users. A link to the referenced article is provided.

The article states, "The exploit, which focuses on how Facebook interprets file uploads within messages, was submitted to Facebook September 30 by penetration tester Nathan Power and was recognised by the company on Wednesday.

By default, Facebook blocks malicious file uploads, preventing users from attaching executable or batch files that would be able to infect a computer if downloaded and run. Facebook would typically issue the response: “Error Uploading: You cannot attach files of that type.”

However, Power was able to analyse the responses that the Facebook website returned when his browser made a POST request to its webserver, finding a variable that would tell the system that a filename had been attached and determine whether it would be approved for sharing via the service."

The article further states, "Yesterday, we reported that Facebook’s cyber-security system processes and checks 650,000 actions every second to keep its users safe from spam and cyber-attacks on the social network. The Facebook Immunity System (FIS), as it’s known, is said to be highly efficient also, with just 1% of users reporting issues as spam."

The article provides an update from Facebook’s Security Manager Ryan McGeehan, who describes additional security measures that Facebook has in place which would protect users from the type of exploit that was referenced in the article.


