You probably don’t know Nir Goldshlager, but up until recently, he sure could have known you. That’s because Nir discovered a major privacy flaw in Facebook’s OAuth, the system developers use to access all sorts of information every time you hit that innocent, little “allow” button. Nir gained access to virtually anyone’s entire Facebook account. As the hacker explained on his site: “I found a way in to get full permissions (read inbox, outbox, manage pages, manage ads, read private photos, videos, etc.) over the victim account even without any installed apps on the victim account…” And the worst part? The victim wouldn’t even need to click “allow,” so they were expunged from the process entirely. “Just to clarify there is no need for any installed apps on the victim’s account, Even if the victim never allowed any application in his Facebook account, I could still be getting full permissions.”
Facebook Security Flaw Gives Hacker Access to Every Account
on 2.25.13
Author: Shelly Palmer
Shelly Palmer is Fox 5 New York's On-air Tech Expert (WNYW-TV) and the host of Fox Television's monthly show Shelly Palmer Digital Living. He also hosts United Stations Radio Network's, Shelly Palmer Digital Living Daily, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment. He is Managing Director of Advanced Media Ventures Group, LLC an industry-leading advisory and business development firm and a member of the Executive Committee of the National Academy of Television Arts & Sciences (the organization that bestows the coveted Emmy® Awards).
Recent Comments