Facebook to attack its 70 million users

Facebook being the seventh most used web site on the planet with over 70 million users to its credit is facing xss attacks.If you don’t know what xss is then it is one of the top ten vulnerabilities on the Internet (In fact, Xss tops the list!)

Cross-site scripting (XSS) is a security vulnerability of dynamic Web pages generated from information supplied to the web server and replayed as part of the response to the browser.

In this cross scripting XSS attack, a malicious user creates a link with an unwanted executable script into a Web site. When some one from facebook clicks the link, the malicious script (usually JavaScript) can then send the victims’ cookie away to a CGI script.

More info read The Cross Site Scripting

This is a serious vulnerability for 70 million Facebook users! An example of the attack is available here (Harmless)

Bonus Information - Adrienne Felt from the University of Virginia School of Engineering, wrote an interesting paper on security and the Facebook platform called “Defacing Facebook: A Security Case Study,” which can be downloaded from here.

Update – xssed said the bug is fixed.

Written by Sidharth on May 26th, 2008

Self-proclaimed geek, editor of blogote, who loves all things tech.