« American Airlines Launches Facebook App: Guaranteed Failure
Facebook Automates Community Building »

Facebook Applications Prove Insecure

Posted by Nick O'Neill on March 28th, 2008 11:30 AM

Chris Soghoian has an interesting article about how a number of application developers are failing to protect against extremely basic security risks. For instance, a user can monitor all post and get requests (a system for passing data from a form which prompts users for information) coming from an application form and modify it prior to submitting the data to the application server.

The result is that hackers could theoretically spoof their identity. This is an issue that most websites are also vulnerable to. Not only are these applications vulnerable to potential spoofing attacks but occasionally they are at risk of typical SQL injection attacks. The experienced developer will build these protections into their scripts.

Given that many of these applications aren’t built by experienced developers though, there is an increasing risk that sensitive data gets manipulated. Personally, I think there are enough protections in place on Facebook’s end but the Surveillance State team is trying to paint a different picture.

I’m sure we will occasionally see an application get exploited but for the most part, Facebook has done a pretty good job in protecting against security risks.

Posted in News
Digg Icon Digg this article Del.icio.us Icon Save to del.icio.us Share Share on Facebook

This entry was posted on Friday, March 28th, 2008 at 11:30 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Viewing 2 Comments

Trackbacks

blog comments powered by Disqus