Researchers Claim Flaws In Facebook; Facebook Calls Them Best Practices

Published: 22/11/2024   Category: security




Short passwords, non-SSL-encrypted forms are criticized by Cenzic



Researchers at security vendor Cenzic's labs say they have discovered vulnerabilities in Facebook's logins and passwords, but the social networking site says the issues are not security flaws.
"We disclosed our findings to Facebook in hopes that they would want to fix the problems," says Mandeep Khera, head of marketing at Cenzic. "In several cases, they rejected the idea that these are vulnerabilities -- they called them best practices that make [the site] easier to use."
Among the flaws that Cenzic found were applications that can link to Facebook using a six-character password that is not case-sensitive, Khera says. "A six-character password could be broken in a matter of minutes," he says. But Facebook calls this a best practice because it makes it easier for the user.
Similarly, Cenzic found that some data on Facebook is sent in the clear, Khera says. "You use SSL to get into the forms, but when you fill out the form and send it back, that data does not go over SSL," he says. Facebook rejected this vulnerability also, according to Khera.
Cenzic found other issues related to authentication and handling of passwords on Facebook, but the social networking site does not plan to do anything about them, Khera says.
To help social networking sites identify this type of flaw, Cenzic’s new LikeSec program is offering all social networking sites and their application developers a free HealthCheck, which includes a vulnerability assessment using Cenzic’s Cloud offering.