
SANS ISC InfoSec Handlers Diary Blog



Time to change your Facebook password?

Published: 2011-05-10
Last Updated: 2011-05-10 22:50:45 UTC
by Swa Frantzen (Version: 1)
2 comment(s)

Facebook and privacy seem contradictory at times, yet Facebook is used by about 500 million users for stuff that they might want to keep a bit private in the end.

According to Symantec and El Reg, there is a problem that allowed apps to leak access tokens that remain valid. Apparently there are 100,000 apps that leak these tokens, and the tokens might sit in the log files of, e.g., advertisers, waiting to be abused.

The good news is that we can do something to invalidate the access tokens: change our password!

So for those who don't know where to change the Facebook password: it's in the "Account" menu in the upper right. Choose "Account Settings"; the 4th "change" entry is for the password.

Facebook, to their credit, seems to have reacted as well and is going to move away from the older access tokens.

--
Swa Frantzen -- Section 66

Keywords: facebook privacy