Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
Facebook vulnerability allowed silent webcam recording
Posted by Philipp Esselbach on: 01/05/2013 12:21 PM [ Print | 0 comment(s) ]
Facebook has fixed a security vulnerability that could be exploited by an attacker to record video from a victim's webcam and then post it to their timeline without requesting their permission.
From MajorGeeks:
Facebook vulnerability allowed silent webcam recording
The social network operator doesn't seem to have been in any great hurry – security researchers Aditya Gupta and Subho Halder say that they informed the company of the problem four months ago. The two are, however, happy with the outcome, as the reward paid out by Facebook for reporting the vulnerability proved to be significantly more than expected.
The researchers discovered that the video upload feature, which is implemented in Flash, was not properly protected against cross-site request forgery (CSRF) attacks. They developed a demo web page containing an embedded Flash applet – visiting the page displayed the video uploader, but, when clicked on, the uploader recorded a video with the visitor's webcam and posted it to their Facebook timeline without requesting their permission. The only requirement was that the user had to be logged into their Facebook account at the time.
The researchers discovered that the video upload feature, which is implemented in Flash, was not properly protected against cross-site request forgery (CSRF) attacks. They developed a demo web page containing an embedded Flash applet – visiting the page displayed the video uploader, but, when clicked on, the uploader recorded a video with the visitor's webcam and posted it to their Facebook timeline without requesting their permission. The only requirement was that the user had to be logged into their Facebook account at the time.
Facebook vulnerability allowed silent webcam recording
Related Stories
04/24/2012 08:51 AM: Facebook buys AOL patents from Microsoft for $550 million by Philipp Esselbach
Facebook today struck a $550 million deal with Microsoft to purchase patents originally belonging to AOL...
01/05/2012 11:16 PM: Ramnit worm heads for Facebook by Philipp Esselbach
Seculert Cyber Threat Management has done a lot of research on the Ramnit worm and recently spotted it targeting Facebook accounts stealing over 45,000 logins mostly from the UK and France...
01/02/2012 09:13 PM: Facebook Phasing Out Support For IE7 by Philipp Esselbach
HardOCP posted a story that Facebook is phasing out support for IE7 because it doesn't display Timeline profiles correctly...
07/25/2011 09:05 PM: Microsoft updates Azure tookit for Apple's iOS to support federation with Facebook, Google and more by Philipp Esselbach
Microsoft rolled out an update to its Windows Azure toolkit for iOS which adds support for identity federation across Google, Yahoo, Live ID, Facebook and ADFS....
07/16/2011 09:11 AM: Activate Facebook Chat in Windows Phone "Mango" by Philipp Esselbach
WPCentral shows you how to activate Facebook Chat in Windows Phone Mango...
05/17/2011 09:16 AM: Microsoft Deepens Bing's Use of Facebook Data by Philipp Esselbach
Microsoft has incorporated more Facebook data into its Bing search results, increasing the competition around social search with Google...
10/14/2010 07:46 AM: Facebook and Microsoft partner on new social-search features by Philipp Esselbach
All About Microsoft posted a news story that Microsoft and Bing are partnering to make Bing search more social...
10/25/2007 11:02 AM: Media Alert: Facebook and Microsoft to Make Announcement by Bob
Details of the announcement will be provided during a press teleconference call. Media Alert: Facebook and Microsoft to Make Announcement ...
08/23/2006 08:59 AM: Microsoft lands Facebook ad deal by Philipp Esselbach
Software maker will provide search and advertising listings to Facebook's 9 million users. Microsoft lands Facebook ad deal...
Facebook today struck a $550 million deal with Microsoft to purchase patents originally belonging to AOL...
01/05/2012 11:16 PM: Ramnit worm heads for Facebook by Philipp Esselbach
Seculert Cyber Threat Management has done a lot of research on the Ramnit worm and recently spotted it targeting Facebook accounts stealing over 45,000 logins mostly from the UK and France...
01/02/2012 09:13 PM: Facebook Phasing Out Support For IE7 by Philipp Esselbach
HardOCP posted a story that Facebook is phasing out support for IE7 because it doesn't display Timeline profiles correctly...
07/25/2011 09:05 PM: Microsoft updates Azure tookit for Apple's iOS to support federation with Facebook, Google and more by Philipp Esselbach
Microsoft rolled out an update to its Windows Azure toolkit for iOS which adds support for identity federation across Google, Yahoo, Live ID, Facebook and ADFS....
07/16/2011 09:11 AM: Activate Facebook Chat in Windows Phone "Mango" by Philipp Esselbach
WPCentral shows you how to activate Facebook Chat in Windows Phone Mango...
05/17/2011 09:16 AM: Microsoft Deepens Bing's Use of Facebook Data by Philipp Esselbach
Microsoft has incorporated more Facebook data into its Bing search results, increasing the competition around social search with Google...
10/14/2010 07:46 AM: Facebook and Microsoft partner on new social-search features by Philipp Esselbach
All About Microsoft posted a news story that Microsoft and Bing are partnering to make Bing search more social...
10/25/2007 11:02 AM: Media Alert: Facebook and Microsoft to Make Announcement by Bob
Details of the announcement will be provided during a press teleconference call. Media Alert: Facebook and Microsoft to Make Announcement ...
08/23/2006 08:59 AM: Microsoft lands Facebook ad deal by Philipp Esselbach
Software maker will provide search and advertising listings to Facebook's 9 million users. Microsoft lands Facebook ad deal...