Facebook this week fixed a privacy glitch on its website that could have been abused to obtain a user's full name and photo by entering an incorrect password, a researcher said.

When logging into Facebook, if a user's email address was paired up with the wrong password, the site returned an “incorrect password” message – along with the full name and profile picture of the user associated with the email address that was provided, Atul Agarwal of Secfence Technologies wrote in a post on the Full Disclosure mailing list.

The bug, which existed for an unknown amount of time, could have been abused by phishers or spammers to match unknown email addresses with an individual's name and photo, Agarwal said. Such capability could be useful for crafting socially engineered phishing attacks that include a user's full name, according to Agarwal. Additionally, someone with malicious intent could have generated a list of random email addresses and utilised the flaw to verify their existence.

“Facebook users have no control over this, as this works even when you have set all privacy settings properly,” Agarwal wrote.

Facebook, in a statement sent to SCMagazineUS.com, said the glitch has been fixed.

“We have technical systems in place to prevent people's names and profile photos from showing to unrelated users upon login, but a recently introduced bug temporarily prevented these from working as intended,” Facebook said in a statement. “We remedied the situation swiftly.”

See original article on scmagazineus.com
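The class of bug described above, as an added example that is not Facebook's code or its actual fix: a login handler whose failure response echoes profile data, beside a hardened handler and a regression check a defender could keep in a test suite. The account store, field names and function names are all constructed for illustration.

```python
import hashlib
import hmac

def _hash(password, salt):
    # Slow salted hash; parameters are illustrative assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store (not real data).
_SALT = b"constructed-salt"
USERS = {
    "alice@example.com": {"name": "Alice Example", "photo": "/img/alice.jpg",
                          "salt": _SALT, "pw": _hash("correct horse", _SALT)},
}
# Dummy record so unknown emails cost the same hashing work as known ones.
_DUMMY = {"salt": b"dummy-salt", "pw": _hash("unused", b"dummy-salt")}

def login_leaky(email, password):
    """Mirrors the reported behaviour: a failed login echoes profile data."""
    user = USERS.get(email)
    if user is None:
        return {"ok": False, "error": "unknown email"}
    if not hmac.compare_digest(_hash(password, user["salt"]), user["pw"]):
        return {"ok": False, "error": "incorrect password",
                "name": user["name"], "photo": user["photo"]}
    return {"ok": True, "name": user["name"], "photo": user["photo"]}

def login_hardened(email, password):
    """Profile data is returned only after successful authentication."""
    user = USERS.get(email)
    record = user or _DUMMY
    valid = hmac.compare_digest(_hash(password, record["salt"]), record["pw"])
    if user is None or not valid:
        # Same body for unknown email and wrong password.
        return {"ok": False, "error": "incorrect email or password"}
    return {"ok": True, "name": user["name"], "photo": user["photo"]}

def leaks_identity(handler, email):
    """Regression check: does a failed login expose more than ok/error?"""
    resp = handler(email, "wrong-password-guess")
    extra_fields = set(resp) - {"ok", "error"}
    return (not resp["ok"]) and bool(extra_fields)

def failures_indistinguishable(handler, known_email, unknown_email):
    """True when a failed login looks the same whether or not the email exists."""
    return handler(known_email, "x") == handler(unknown_email, "x")
```
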