Full Disclosure mailing list archives
Re: Another minor facebook security flaw
From: adam <adam () papsy net>
Date: Wed, 21 Sep 2011 04:37:08 -0500
TinEye never used to index Facebook, has that changed? Even if it has, there's a half a dozen things wrong with that entire concept. I've hit the /roadblock page quite a few times, and I've never been given the same set of images. So unless it's easily reproducible (and wasn't just a fluke for that account), I don't see the issue here. To even be able to get to that page, you need the user's email address and password, no?

Secondly, I've only ever had to "verify my identity" after significant changes in location. For example, a user who has only ever logged in from Saint Louis, MO, one day randomly logging in from the UK would almost definitely trigger it. Whereas logging in from the same city (and often ISP) as the target, I've never been presented with it. Keeping that in mind, wouldn't it make more sense to simply use a proxy as close to the target [geographically] as possible?

Although, there's another flaw I noticed a while back with the image sets, that may or may not still be present. In my tests, the majority of the pictures being displayed were defaults - which I think is a way bigger issue considering it'd take all of 5 minutes to write a script that scans the users' friends and compares presented image with [user]'s image.

On Wed, Sep 21, 2011 at 3:51 AM, Dan Dart <dandart () googlemail com> wrote:
there is a really neat image search engine. You point it at an image (file->save image as?) and it will hunt down the URLs referencing similar images.

You're probably thinking of TinEye (tineye.com) but Google Images does it now too.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/