You probably own a Facebook account, and you probably also know that there are many Facebook applications, some of which you may have allowed to access your Facebook profile.
But do you know whether there are vulnerabilities in these applications? According to a report from web security firm Symantec, maker of Norton antivirus, at least 100 thousand Facebook applications may have accidentally leaked access to users' social networking accounts for several years.
As CNN reported, Facebook applications are web applications running on the Facebook platform. Facebook says its users install 20 million applications on the platform every day. Third parties, especially advertisers, have access to users' profiles, photos, chat and other personal information, according to a Symantec blog post on Wednesday (11/5/11).
Facebook acknowledged the matter and said it was already resolved. But the social networking giant also said that Symantec's report has several "inaccuracies" and that user information is never shared with third parties who are not authorized.
Symantec's report says that over the years, hundreds of thousands of applications were found to have an "access token", which the company describes as a kind of spare key to people's accounts.
"Needless to say, the access token leakage appears to be far and wide," wrote Nishant Dosti, a staff member at the company that provides Norton antivirus, on the company blog.
There's no good way to predict exactly how many access tokens have been leaked, according to Symantec.
Fortunately, Symantec says that most application developers may not realize they already have this access. The company said that Facebook has to take corrective action to address problems that were discovered last month and brought to Facebook's attention.
Facebook says most access tokens expire in two hours, which means they are no longer useful to malicious third parties after that period. A Facebook spokesman told CNN in an e-mail that the site was working with Symantec to resolve the issue. But he said a "thorough investigation" did not indicate that any information had been obtained by unauthorized parties.
"In addition, the report ignored the contractual obligations of advertisers and developers, which forbid them from taking or sharing user information in a manner that violates our policy," he said.
On Tuesday (11/5), Facebook announced on its developer blog that it was working with Symantec "to identify problems in our authentication path in order to ensure that they are more secure."
The post announced an update that requires all websites and Facebook applications to switch to something new and safer for developers.
"We believe this change creates a better and safer experience for users of your application," wrote Shah Naitik of Facebook in the post.
Facebook currently uses a more secure authentication system for applications, but still supports the old, less secure version, Symantec said. The site has not found evidence that any leaked information has been used for purposes that violate Facebook policy.
Facebook users can prevent any unauthorized access through their applications by changing their passwords. Developers who use the old Facebook system will undergo a transition to a new, more secure system between now and 1 October, according to a post on its blog.
This new system allows users to install applications with a detailed list of applications that will access their personal data. At least Facebook is not staying silent when it comes to anticipating vulnerabilities in Facebook applications.
Source: ANTARANews