Full Disclosure mailing list archives
[TEHTRI-Security] Facebook Security Issues through HTML Iframes
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml () tehtri-security com>
Date: Mon, 12 Sep 2011 15:44:17 +0200
Gents, Here are humble thoughts about potential security issues against facebook end-users, thanks to html iframes and evil crafted profiles/pages: http://www.tehtri-security.com/en/news.php?id=73 We also shared a tiny proof of concept with javascript stuff, tracking issues, and phishing simulation to grab login/password of some facebook users. Notice that we didn't share offensive source code, as we don't want evil people to play against facebook end-users. We just want to help people at being more paranoid when they are on Internet, and Facebook is a great place for that. Best regards. Laurent ESTIEUX (CTO TEHTRIS) & Laurent OUDOT (CEO TEHTRIS) TEHTRI-Security - "This is not a Game" [w] http://www.tehtri-security.com/ [t] @tehtris Register to our international training (2011): - Hack In The Box - Kuala Lumpur - "HUNTING WEB ATTACKERS" http://conference.hitb.org/hitbsecconf2011kul/?page_id=274 - Black Hat - Abu Dhabi - "ADVANCED PHP HACKING" https://www.blackhat.com/html/bh-ad-11/training/bh-ad-11-training_PHP.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [TEHTRI-Security] Facebook Security Issues through HTML Iframes Laurent OUDOT at TEHTRI-Security (Sep 12)