1. A
    7

    Ali Akbar Popular Pakistani Staff Member

    Attention please!

    Penetration testing company Sakurity releases Reconnect which exploits Facebook Login vulnerability and allows hackers to take over sites using it.

    Pentesting company Sakurity has released a new tool that allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login. Blaming Facebook for dismal security in its Login options, Sakurity said that they had released the tool to test websites like Booking.com, Bit.ly, About.me, Stumbleupon, Angel.co, Mashable.com, Vimeo and many others.

    The tool, dubbed Reconnect, was released last week by Egor Homakov, a researcher with Sakurity and it takes advantage of a cross-site request forgery (CSRF) issue in Facebook Login.

    “Every website with ‘Connect Facebook account and log in with it’ is vulnerable to account hijacking. Every website relying on signed_request (for example official JS SDK) is vulnerable to account takeover, as soon as an attacker finds a 302 redirect to other domain. I don’t think these will be fixed, as I’ve heard from the Facebook team that it will break compatibility. I really wish they would fix it though as you can see below, I feel these are serious issues,” noted Homakov on his blog then.

    Facebook says that it had made it harder for the hackers to exploit the vulnerability without affecting the functionality of the OAuth token. It has also said that sites using the Facebook login authorisation token can prevent exploitation by following their best practices and using the ‘state’ parameter Facebook provides for OAuth Login.


     
    Kool Kat and M Shah like this.
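
The `state` check mentioned at the end of the post above, as an added example that is not part of the original post or Facebook's own code: the site binds each login attempt to the session that started it and rejects any OAuth callback that does not carry that value back. The names `SERVER_KEY`, `issue_state`, `verify_callback` and the session dictionaries are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed values for this example; a real site loads the key from its secret store.
SERVER_KEY = secrets.token_bytes(32)
STATE_TTL = 600  # seconds a login attempt stays valid


def issue_state(session, now=None):
    """Create the `state` value sent along with the authorization request."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    session["oauth_nonce"] = nonce  # remembered server-side, single use
    msg = f"{session['id']}.{nonce}.{now}"
    tag = hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{now}.{tag}"


def verify_callback(session, params, now=None):
    """Return True only if the callback answers a login this session started."""
    now = int(time.time() if now is None else now)
    expected = session.pop("oauth_nonce", None)  # consume it: no replay
    parts = params.get("state", "").split(".")
    if expected is None or len(parts) != 3:
        return False  # callback without a pending login, or missing state
    nonce, issued, tag = parts
    msg = f"{session['id']}.{nonce}.{issued}"
    good = hmac.new(SERVER_KEY, msg.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return False  # state was minted for another session or altered
    if not hmac.compare_digest(nonce.encode(), expected.encode()):
        return False  # not the attempt this session is waiting for
    return issued.isdigit() and 0 <= now - int(issued) <= STATE_TTL


if __name__ == "__main__":
    user = {"id": "sess-user"}    # constructed sessions
    other = {"id": "sess-other"}
    foreign = issue_state(other)  # state that belongs to a different session
    issue_state(user)
    print(verify_callback(user, {"code": "x", "state": foreign}))  # False
```
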
  4. Veer
    26

    Veer Famous Pakistani Staff Member

    Until this is fixed I think we better turn off the facility of Login with Facebook @Saad Sheikh

    Thanks for sharing bro.
     
    M Shah likes this.
  5. M Shah
    16

    M Shah Account Closed

    It means I'm out... my account is associated with Facebook!
     
  6. Veer
    26

    Veer Famous Pakistani Staff Member

    I don't think so... how do you log in at Pakistan web?
     
    M Shah likes this.
  7. M Shah
    16

    M Shah Account Closed

    Login with Facebook!! I have not created a separate account for Pakistan.web.pk
     
  8. Veer
    26

    Veer Famous Pakistani Staff Member

    Wow, you really need to worry about your account. I'd highly recommend you go to this page https://www.pakistan.web.pk/account/security and set a password. If it does not allow you, then log out and open this page, Lost Password | Pakistan Social Web, enter your Name or Email and submit; you'll receive an email and instructions on how to get a new password :)

    Note: no need to remove your facebook association, keep it as it is.
     
    M Shah likes this.
  9. M Shah
    16

    M Shah Account Closed

    Bravo, you did it bro :)
     
  10. Veer
    26

    Veer Famous Pakistani Staff Member

    Have you set a new password?
     
    M Shah likes this.