Facebook Uploader Up to No Good
by Brandon Dimmel on 20080208 @ 00:10AM EST

Love Facebook? Many do. The social networking site can officially be proclaimed the web's new number one phenomenon, drawing the young and old into a complex and entertaining framework that employs concepts from dating to games to, of course, photos. Unfortunately, all that popularity makes it a dangerous place -- a bit like downtown NYC -- and vulnerable to some pretty significant flaws. (Source: itbusiness.ca)

According to security analyst Elazar Broad, another critical vulnerability has been discovered in Facebook's Aurigma ImageUploader control. It's not the first problem to affect this particular function. In a statement, Broad said, "The control is vulnerable to a stack-based buffer overflow in the ExtractExif and ExtractIptc properties. See the exploit code for buffer offsets. Other properties may be vulnerable as well to a DoS and/or code execution." (Source: zdnet.com)

Granted, that sounds like a whole lot of mumbo jumbo to the average Facebook user. Understand that it's very similar to other issues that have been bubbling to the surface on the site of late, including a flaw discovered last week that allowed attackers to nail a Windows-based system through rigged web pages.

Security experts are offering up a pair of possible fixes for this problem in particular. Users can disable the uploader tools involved in the flaw, or go ahead and completely disengage the ActiveX component. Given the number of problems with this control in recent weeks, it seems the security gurus are leaning towards the latter.
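
For administrators, one common way to "disengage" an ActiveX control is to set its Internet Explorer kill bit. The script below is an added example, not part of the original article or any vendor advisory; it assumes the kill-bit mechanism is the intended mitigation, and the CLSID is a placeholder because the article does not give the control's identifier. Run it from an elevated prompt.

```powershell
# Added example: set the Internet Explorer "kill bit" for one ActiveX control.
# The CLSID is a PLACEHOLDER. The article does not list the control's CLSID;
# take the real value from the vendor's or researcher's advisory.
$Clsid   = '{00000000-0000-0000-0000-000000000000}'  # placeholder, not a real control
$KillBit = 0x400   # Compatibility Flags bit that stops IE from instantiating the control

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both views.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Set-KillBit {
    param([string]$Root, [string]$Clsid)

    # Skip registry views that do not exist on this machine.
    if (-not (Test-Path $Root)) { return $null }

    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any flags already present; only add the kill bit.
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $KillBit

    New-ItemProperty -Path $key -Name 'Compatibility Flags' `
        -PropertyType DWord -Value $new -Force | Out-Null

    # Report before/after so the change can be logged and reverted.
    [pscustomobject]@{
        Key    = $key
        Before = '0x{0:X8}' -f $current
        After  = '0x{0:X8}' -f $new
    }
}

$Roots | ForEach-Object { Set-KillBit -Root $_ -Clsid $Clsid } | Format-Table -AutoSize
```

The kill bit only affects Internet Explorer and hosts that honor it; removing the flag (or the key) reverses the change.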

With Facebook now being utilized as both a personal and business tool, these kinds of threats are almost sure to multiply.

Copyright © Computer 411 | Infopackets.com.  All rights reserved.