
Coyote Chronicle CSUSB

The Independent Student Voice of CSUSB Since 1965


Known Facebook security flaw still raises concern

November 29, 2014 by Jacob Collins

By Jacob Collins |Staff Writer|

As of Nov. 14, Facebook has not yet patched a security flaw discovered in 2013, according to security researcher Vivek Bansal.
The flaw abuses Facebook’s app permissions: through apps that should only be allowed to access basic profile information, a user can post on others’ walls as someone else.
Bansal reported the flaw to Facebook security in October 2013 and was awarded $2,000 through the company’s bug bounty program, which pays security researchers who find security flaws and report them to Facebook.
“I was surprised to discover that in fact no action had been taken to repair the loophole I had originally found. Indeed, I was able to reproduce my exploit and breach their security again using the same script. I was shocked that everything went off as it had before, so I wrote them again expressing my concerns,” stated Bansal in an article on informationsecuritybuzz.com.
Students, even if they do not use Facebook themselves, understand the concern.
“I don’t use Facebook but I can understand why people would be upset by this,” said student Brian Ponce.
Facebook’s bug bounty program rewards security researchers for finding security flaws in Facebook as long as they follow Facebook’s reasonable disclosure policy. Many of the researchers who have successfully found bugs have been added to the “wall of fame” on Facebook’s bug bounty program.
One CSUSB student said that they were a victim of an attack like this before.
“I’ve had that happen to my friend before. They posted on my page when it wasn’t really them,” said Savannah Barras.
This isn’t the first time that Facebook, like many other tech giants, has dealt with security vulnerabilities.
In 2013, Khalil Shreateh discovered a bug which allowed a user to post on others’ timelines even if they were not friends. According to Shreateh, Facebook told him that it was not a bug, so he used it to post on the wall of Facebook CEO Mark Zuckerberg to demonstrate to Facebook that the bug was valid.
The bug that Shreateh found has since been fixed.
In January, Facebook paid Reginaldo Silva, a computer engineer, $33,500 for finding a remote code execution vulnerability in OpenID, which Facebook uses for log-ins.
According to Facebook, in 2013, a total of $2 million was awarded through the bug bounty program.
$1.5 million of the $2 million was spread out between researchers in 2013.
It is unknown when or if the security hole will be fixed by Facebook.
