January 18, 2011

Facebook Threat Feasibility

Facebook's advanced search feature has brought some of its vulnerabilities into the limelight. If someone lists a habit such as smoking on their profile and chooses the option that only friends should see it, that profile is still displayed when the field is searched through advanced search. The profile is not blocked unless it has been excluded from searches.

This problem arose because of a security hole. Normally people can perform a query by logging into their college account. A student at an MIT summer program discovered that by changing the server in the query URL from "mit.facebook.com" to "school.facebook.com", he could perform the query on any school without having a valid account for that school. He also found that most of the fields are indexed by ID numbers.
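
A server-side version of the two checks these paragraphs describe as missing, as an added example that is not Facebook's code or part of the original post: the network is authorized from the logged-in session rather than from the host name in the query URL, and a search criterion only matches a field the viewer is allowed to read. The data model, function names and sample profiles are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed data model; class, field and function names are assumptions.
@dataclass
class Profile:
    user_id: int
    network: str                                    # e.g. "mit"
    friends: set = field(default_factory=set)
    fields: dict = field(default_factory=dict)      # field name -> value
    visibility: dict = field(default_factory=dict)  # field name -> "everyone" | "friends"

@dataclass
class Session:
    user_id: int
    networks: frozenset                             # networks verified at sign-up

def can_see(viewer, owner, name):
    """A field is readable by its owner, by everyone, or by friends only."""
    if viewer.user_id == owner.user_id:
        return True
    level = owner.visibility.get(name, "friends")   # default to the stricter setting
    return level == "everyone" or (level == "friends" and viewer.user_id in owner.friends)

def advanced_search(viewer, host, criteria, profiles):
    """Return ids of profiles in the host's network that match every criterion."""
    network = host.split(".", 1)[0].lower()
    # Authorize against the session, never against the host name the client sent.
    if network not in viewer.networks:
        raise PermissionError(f"no verified membership in {network!r}")
    hits = []
    for p in profiles:
        if p.network != network:
            continue
        # A criterion may only match a field the viewer can read; otherwise
        # the mere presence of a profile in the results leaks the hidden value.
        if all(can_see(viewer, p, k) and p.fields.get(k) == v for k, v in criteria.items()):
            hits.append(p.user_id)
    return hits

# Constructed sample data.
PROFILES = [
    Profile(1, "mit", {2}, {"smoking": "yes"}, {"smoking": "friends"}),
    Profile(3, "mit", set(), {"smoking": "yes"}, {"smoking": "everyone"}),
    Profile(4, "school", set(), {"smoking": "yes"}, {"smoking": "everyone"}),
]
FRIEND = Session(2, frozenset({"mit"}))     # friend of user 1
STRANGER = Session(9, frozenset({"mit"}))   # same network, not a friend
```
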

Password security threat:
The main vulnerability is that Facebook sends the user name and password in plain text, not in hidden or encrypted form. Any antagonist who can read Ethernet or unencrypted wireless traffic can obtain Facebook user names and passwords, read the corresponding profiles, and gain access to any additional accounts for which the same passwords are used.

There is no privacy for photos on Facebook: anyone can search for the photos in any organization or university just by changing the query URL. The ability of users to upload and tag photographs easily, and the difficulty for a user to de-tag large numbers of photographs, make it easy for others to find photographs with few restrictions.

Another threat comes from administrative rights to an organization: with their advent, students at universities have ended up in their dean's office. Administrators are using Facebook to learn about their students and their students' activities. This is not restricted to universities; it also applies to organizations and their employees.


