Thought Your Facebook Friends List was Private? Think Again!

PARIS, Nov. 22, 2013 /PRNewswire/ -- Researchers from the Quotium Seeker Research Center identified a security flaw in Facebook privacy controls. The vulnerability allows attackers to see the friends list of any user on Facebook. This attack is carried out by abusing the 'People You May Know' mechanism on Facebook, which is the mechanism by which Facebook suggests new friends to users.

(Logo: http://photos.prnewswire.com/prnh/20131122/PH22080LOGO )

With attacks being on the rise, Facebook is often targeted by hackers for the information it possesses. Users rely on Facebook to maintain their privacy to the best of Facebook's ability.

FB responded that: "If you don't have friends on Facebook and send a friend request to someone who's chosen to hide their complete friend list from their timeline, you may see some friend suggestions that are also friends of theirs. But you have no way of knowing if the suggestions you see represent someone's complete friend list." However, research of this issue has shown that most of the friends list, often hundreds of friends, is available to the attacker. In any case, even a partial friends list is a violation of user-chosen privacy controls.

Since this vulnerability renders the privacy control to hide friend's lists from other users irrelevant, we hope Facebook will change its mind and this flaw will be addressed.

For technical details see http://www.quotium.com/research/advisories/Facebook_Vulnerability_Discloses_Private_Friends_list.php

Irene Abezgauz, VP Product Management at Quotium and Seeker Research Center leader is credited with the discovery of this vulnerability.

About Quotium

Quotium Technologies is a specialist in the development of innovative software solutions to guarantee the security and performance of business critical applications throughout their lifecycle. Quotium is an Interactive Application Security Testing (IAST) pioneer with its application security testing software Seeker.

Seeker is a new generation application runtime code and data security analysis solution. Seeker's technology increases the accuracy of application testing by combining the detection of potential vulnerabilities with verification through real-time exploit attempts. With accuracy, clarity and simplicity, Seeker delivers immediate results, does not require any manpower overhead and integrates seamlessly in any existing development and testing processes.

For more information see http://www.quotium.com/prod/security.php

Elsane Guglielmino
+33149047060

Read more news from Quotium Technologies.

SOURCE Quotium Technologies



RELATED LINKS
http://www.quotium.com

More by this Source


Custom Packages

Browse our custom packages or build your own to meet your unique communications needs.

Start today.

 

PR Newswire Membership

Fill out a PR Newswire membership form or contact us at (888) 776-0942.

Learn about PR Newswire services

Request more information about PR Newswire products and services or call us at (888) 776-0942.