Full Disclosure mailing list archives

Facebook "Trusted friends" Security Feature Easily Exploitable


From: Mohit Kumar <thehackernews () gmail com>
Date: Mon, 31 Oct 2011 16:43:47 +0530

Last week Facebook announced that in one day 600,000 accounts possibly get
hacked. Another possible solution for Facebook to combat security issues is
to find 3 to 5 "*Trusted friends*". Facebook will be adding two new
security features that will allow users to regain control of their account
if it gets hijacked.

In Facebook's case, the keys are codes, and the user can choose from three
to five "*Trusted friends*" who are then provided with a code. If you ever
get locked out of your account (and you can't access your email to follow
the link after resetting your Facebook password), you gather all the codes
and use them to gain access to it again. Yet this method has been used by
hackers to hack most Facebook accounts, using a little bit of social
engineering, for the last 5-6 months, according to me. Let us know how this
works...

*How it's Exploitable:*
*This exploit is 90% successful on victims who add friends without
knowing them or just to increase their number of friends.* This method to
hack a Facebook account only works if 3 trusted friends agree to give you
the security code! Another idea: why not create 3 fake accounts and send
friend requests to the victim? Once your 3 fake accounts become friends with
your victim's Facebook account, you can select those 3 accounts to get the
security code and reset the password of the victim. Here is a
complete demonstration of the hacking method on
HackersOnlineClub<http://www.hackersonlineclub.com/hack-facebook-account>.

*Other Serious Facebook Vulnerability in the Last Week*
Last week *Nathan Power* from SecurityPentest discovered a new Facebook
Vulnerability<http://thehackernews.com/2011/10/facebook-exe-attachment-vulnerability.html>
that allows EXE files to be easily attached in messages, possibly causing
user credentials to be compromised. Not only account security; there are
also lots of privacy issues in Facebook. For example, *Nelson Novaes Neto*,
a Brazilian (independent) Security and Behavior Researcher, has analyzed a
privacy issue in Facebook Ticker<http://thehackernews.com/2011/10/how-facebook-ticker-exposing-your.html>
that allows any person to chase you without your knowledge or consent.
*Facebook should take these privacy issues & security holes very seriously.*
Read more at: The Hacker News ~
http://thehackernews.com/2011/10/facebook-trusted-friends-security.html

-- 
*Regards,*
*Owner,*
*The Hacker News <http://www.thehackernews.com/>*
*Truth is the most Powerful weapon against Injustice.*
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
