Facebook EXE attachment Vulnerability can Compromise with Users Security

Facebook EXE attachment Vulnerability can Compromise with Users Security. It can easily attach EXE files in messages, causing possible User Credentials to be Compromised. Note, you do NOT have to be friends with the user to send them a message with an attachment. The vulnerability was discovered by Nathan Power from SecurityPentest. It was discovered the variable ‘filename’ was being parsed to determine if the file type is allowed or not. To subvert the security mechanisms, we modified the POST request by appending a space to our filename variable like so:

Source: https://thehackernews.com/2011/10/facebook-exe-attachment-vulnerability.html

Something Fresh

What to Know About The Jamaica Data Protection Act

St Vincent and the Grenadines embracing CariSECURE

Jamaica's Gov’t Looking to Finalize Data Protection Act Regulations

What People Reading

Feedback and data-driven updates to Googles disclosure policy

Mozilla Says Google's New Ad Tech - FLoC - Doesn't Protect User Privacy

Certificate Security in the Wild West

This Week's TV: Felicia Day Plays a Hacker with a Dungeons and Dragons Tattoo

Selling technology to cops, part 2

Categories

Partners

Just add here your partners image or promo text