Full Disclosure
mailing list archives
Re: Another minor facebook security flaw
From: Jacqui Caren-home <jacqui.caren () ntlworld com>
Date: Wed, 21 Sep 2011 09:51:43 +0100
On 20/09/2011 06:04, James Fife wrote:
> I noticed a recent flaw in Facebook's security resolution process recently.
> After being asked to confirm my identity simply because I was using a
> different computer, I apparently took too long to identify my friends in
> their photos. However, I was able to try two more times before being locked
> out. In which case Facebook provided the exact same photos with the same
> selection of people to name in order to confirm my identity. What this means
> is that I could conceivably attempt to log on to a victim's Facebook account
> from an unauthorized device to get such a prompt, and then take my time to
> research the answers.

I don't have the link but there is a really neat image search engine. You
point it at an image (file->save image as?) and it will hunt down the URLs
referencing similar images.

Have seen it used to find sites using "stolen" images - not sure if it would
work with fb image archives but worth a try.

Could prolly automate the whole thing with 20 lines of perl :-)

Jacqui
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/