Full Disclosure mailing list archives
Re: Security risks in public APIs?
From: GloW - XD <doomxd () gmail com>
Date: Thu, 27 Oct 2011 09:40:49 +1100
My own thoughts are: as long as Facebook continues to live, there will always be that million people who will not bother to worry, because after all, it's not their website, so why even bother to use a secure API... If you know your security enough, then it is a well-known target for any attack and will continue to be attacked as long as it stays big; it is a source of easily gotten robots through spam and, yes, bad links etc. within Facebook.

I know with MySpace, it was nonstop worms, and these worms were darn good, using trick Flash plugin exact pages to do their bidding to "view a friend's page"... This kind of attacking and attacks will always happen, so the security info is great for some, but really, if you keep things *small* and monitor who you add to the list of friends, you should never be *owned*; then again, there will always exist the better social engineers.

I will conclude by saying, I don't have any Facebook account; I have only monitored what I have watched happen, over and over it seems with Facebook, and continues to have undisclosed bugs in the app, so I don't think any use of it is secure, certainly not for minors, certainly not if you're on some production box and using it either... that'd be silly.

My own thoughts and my own opinions, as you asked for. This little birdy says NO to FB :-(

xdab

On 27 October 2011 08:42, Adam Behnke <adam () infosecinstitute com> wrote:
Hello full disclosurites, what do you think about security in public APIs?

Dan Morrill here at InfoSec Institute writes about how to insecurely and securely use APIs in the Facebook SDK:

http://resources.infosecinstitute.com/api-security/

Your thoughts?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/