{"id":1187,"date":"2013-02-26T10:53:12","date_gmt":"2013-02-26T15:53:12","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1187"},"modified":"2013-02-26T10:53:12","modified_gmt":"2013-02-26T15:53:12","slug":"researcher-finds-flaw-that-grants-access-to-any-facebook-account","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/02\/26\/researcher-finds-flaw-that-grants-access-to-any-facebook-account\/","title":{"rendered":"Researcher finds flaw that grants access to any Facebook account"},"content":{"rendered":"<p>A security expert recently outlined steps on his blog that allowed him to gain unprecedented access to anyone\u2019s Facebook account. Nir Goldshlager said a flaw in Facebook\u2019s OAuth service, which is used by developers to solicit permission from users to access data when using an app, granted full access to every Facebook account.<br \/>\nIf you use Facebook, you\u2019re already familiar with the OAuth service \u2013 it\u2019s that small \u201callow\u201d button you have to click to give a developer access to certain data. But by modifying the OAuth URL, Goldshlager was able to access the inbox, outbox, photos, videos and more of anyone he wanted.<br \/>\nTypically a person would still have to click the \u201callow\u201d button, but by going through Facebook\u2019s messaging app, he was able to circumvent this step in a way that worked on all browsers. The flaw would work until a user changed their password, he said, because the token had no expiration date.<br \/>\nInstead of exploiting the bug for his own personal gain, Goldshlager worked with Facebook\u2019s White Hat Program to get the vulnerability patched. The White Hat Program rewards security researchers who bring vulnerabilities to the social network\u2019s attention.<br \/>\nA spokesperson for Facebook said that due to the responsible reporting of the issue, there is no evidence that users were impacted by the bug. 
Facebook further said they provided a bounty to the researcher as thanks for their contribution although they didn\u2019t disclose the amount of the reward.<br \/>\nvia <a href=\"http:\/\/www.techspot.com\/news\/51749-researcher-finds-flaw-that-grants-access-to-any-facebook-account.html\" target=\"_blank\">Researcher finds flaw that grants access to any Facebook account &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security expert recently outlined steps on his blog that allowed him to gain unprecedented access to anyone\u2019s Facebook account. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,8],"tags":[347,455,850],"class_list":["post-1187","post","type-post","status-publish","format-standard","hentry","category-security","category-social-media","tag-facebook","tag-hacking","tag-privacy-flaw"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-j9","jetpack-related-posts":[{"id":8910,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/05\/04\/facebook-pays-10000-to-10-year-old-for-finding-instagram-flaw-that-allowed-comments-to-be-deleted\/","url_meta":{"origin":1187,"position":0},"title":"Facebook pays $10,000 to 10-year-old for finding Instagram flaw that allowed comments to be deleted","author":"NCCT","date":"May 4, 2016","format":false,"excerpt":"By Rob Thubron | TechSpot You have to be at least 13 years old to have an account on Instagram, but this didn\u2019t stop one 10-year-old Finnish boy from exposing a vulnerability in the Facebook-owned photo-sharing application and winning $10,000 for his work. 
Helsinki-based Jani (his parents didn\u2019t reveal his\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6209,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/12\/classic-facebook-color-changer-scam-makes-another-comeback\/","url_meta":{"origin":1187,"position":1},"title":"Classic Facebook &#8220;Color Changer&#8221; scam makes another comeback","author":"NCCT","date":"August 12, 2014","format":false,"excerpt":"On Facebook, some scams are so alluring that they seem to live forever. So it goes with \u201cFacebook Color Changer,\u201d a new malware attack that masquerades as a way to change the appearance of Facebook\u2019s Website. Security firm Cheetah Mobile claims that the latest scam has affected more than 10,000\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":1187,"position":2},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. 
New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8004,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/10\/latest-version-of-os-x-closes-backdoor-like-bug-that-gives-attackers-root\/","url_meta":{"origin":1187,"position":3},"title":"Latest version of OS X closes Backdoor-like bug that gives attackers root","author":"NCCT","date":"April 10, 2015","format":false,"excerpt":"For at least four years, a bug in Apple's OS X gave untrusted users\u2014and possibly remote hackers with only limited control of their target\u2014unfettered \"root\" privileges over Macs. The vulnerability is being called a \"hidden backdoor\" by Emil Kvarnhammar, the security researcher who discovered the bug and privately reported it\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2015\/04\/backdoor-640x425.png?resize=525%2C300 1.5x"},"classes":[]},{"id":9516,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/02\/03\/to-the-woodshed-with-you-this-week-in-tech-704\/","url_meta":{"origin":1187,"position":4},"title":"To the Woodshed With You! 
&#8211; This Week in Tech 704","author":"NCCT","date":"February 3, 2019","format":false,"excerpt":"https:\/\/youtu.be\/14UX3TQ0K3Q FaceTime Flaw, Apple Spanks Facebook and Google, Huawei Suspicions, FBI Wants Your DNA, and more. \u2022 How to Watch the Superbowl Commercials Without All That Annoying Football \u2022 Apple's Not So Horrible Quarterly Earnings \u2022 Facetime Flaw Dulls Apple's Privacy Shine \u2022 Apple Spanks Facebook and Google for Data\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/14UX3TQ0K3Q\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":7093,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/12\/facebook-plans-to-use-advanced-ai-to-stop-you-from-putting-up-embarrassing-selfies\/","url_meta":{"origin":1187,"position":5},"title":"Facebook plans to use advanced AI to stop you from putting up embarrassing selfies","author":"NCCT","date":"December 12, 2014","format":false,"excerpt":"Facebook is currently working on advanced Artificial Intelligence which will allow you to ponder on your decision before uploading potentially embarrassing selfies in situations where you might be..... drunk. This information comes via Wired's interview with Yan Lecun, an executive who oversees Facebook\u2019s Artificial Intelligence Research lab. 
He described it\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1187","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1187"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1187\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}