Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Another minor facebook security flaw

From: Jacqui Caren-home <jacqui.caren () ntlworld com>
Date: Wed, 21 Sep 2011 09:51:43 +0100
On 20/09/2011 06:04, James Fife wrote:

I noticed a recent flaw in Facebooks security resolution process recently. After being asked to confirm my identity 
simply because I was using a different computer, I apparently took too long to
identify my friends in their photos. However, I was able to try two more times before being locked out. In which case 
Facebook provided the exact same photos with the same selection of people to name
in order to confirm my identity. What this means is that I could conceivably attempt to logon to a victims Facebook 
account from an unauthorized device to get such a prompt, and then take my time to
research the answers.


I dont have the link but there is a really neat image search engine. You point it at an
image (file->save image as?) and it will hunt down the URLs referencing similar images.

Have seen it used to find sites using "stolen" images - not sure if it would work
with fb image archives but worth a try.

Could prolly automate the whole thing with 20 lines of perl :-)

Jacqui

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: