Facebook applications security flaw fixed

facebook attempts to get ny mans claim of ownership thrown out logoA security flaw concerning Facebook applications that allowed advertisers to access user profiles has now, according to the social networking site, been dealt with.

Internet security firm Symantec said in a blog post that third parties “have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information.”

Symantec’s Nishant Doshi, who discovered the issue along with co-worker Candid Wueest, pointed out that most of these third parties will not have known about the flaw. “Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue,” Doshi said in the post.

Doshi explained that some Facebook applications inadvertently leaked what are called “access tokens” to third parties. Facebook applications are programs integrated into the Facebook website that enable users to shop and play games, among other things.

“We estimate that as of April 2011, close to 100,000 applications were enabling this leakage [and that] over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties,” Doshi said.

The access tokens are described as being like spare keys that can be used to carry out certain actions on behalf of a user or to access the profile of a user. Doshi explained that “each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.”

In an email to the Wall Street Journal, a spokeswoman for Facebook said, “We’ve conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorized third parties.”

According to Doshi, Facebook has been taken steps to fix the flaw to prevent further token leaks. He added, however, that “we fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.”

If any Facebook users are still worried about security with regards to this issue, Doshi has some useful advice: “Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile.”

With a site as massive as Facebook, security issues are bound to hit the headlines from time to time. In January the social networking site beefed up security by incorporating HTTPS capability. This came in the wake of a study conducted by Digital Society that looked at the basic security functions of some popular websites – Facebook didn’t come out of that too well. In January, the fan page of Facebook CEO Mark Zuckerberg was hacked (though his personal page remained intact) and was taken down. Worshippers of the man will be happy to know that the page is back up.

Computing

Latest Facebook bug exposed up to 6.8 million users’ private photos

An API bug recently left an impact on Facebook users. Though the issue has since been fixed, some of the apps on the platform had a wrongful access to consumers photos for 12 days between September 13 and September 25. 
Computing

These are the worst passwords of 2018. Is yours on this list?

Do you use a bad password that makes your online accounts easy to break into? SplashData has compiled a list of the top 100 worst passwords for 2018 and there are quite a few listings that were carryovers from prior lists.
Mobile

Apple's iOS 12.1.1 makes it easier to switch cameras in FaceTime

After months of betas, the final version of iOS 12 is here to download. The latest OS comes along with tons of new capabilities, from grouped notifications to Siri Shortcuts. Here are all the features you'll find in iOS 12.
Computing

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.
Computing

How to connect AirPods to your MacBook

If you have new AirPods, you may be looking forward to pairing them with your MacBook. Our guide will show you exactly how to connect AirPods to MacBook, what to do if they are already paired with a device, and more.
Computing

Hitting ‘Check for updates’ in Windows 10 opts you into beta releases

Users who are careful about keeping their system updated should watch out -- Microsoft revealed this week that clicking the Check for updates button in Windows can opt you in to testing beta code.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Booze-filled ski poles and crypto piggy banks

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Product Review

The Asus ZenBook 14 is a tiny notebook that gets lost in the crowd

The ZenBook 14 aims to be the smallest 14-inch notebook around, and it succeeds thanks to some tiny bezels. Performance and battery life are good, but the notebook lacks a standout feature other than size.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Which Macs are compatible with MacOS Mojave?

Is your computer ready for Apple's big Mojave update? Here's what you need to know about MacOS Mojave compatibility, what Macs can successful download Mojave, and the requirements you need to know about.
Computing

Change your mouse cursor in Windows with these quick tips

The standard mouse cursor is boring, so change it! With this guide on how to change your mouse cursor in Windows, you can choose to use one of Microsoft's pre-installed cursors or download something a bit more extravagant.
Gaming

The DualShock 4 is one of the best controllers ever, and you can use it with a PC

Sony's new DualShock 4 controller has become a fan favorite, and some people want to use it with a PC. Here's how to connect your DualShock 4 and start using it, either with an official adapter, or unofficial software.
Computing

MacBook Pro battery replacement: Everything you need to know

Looking for a new battery for your MacBook Pro? It's important you know what to look for, what model you have, and what options Apple gives you! We'll cover everything you need to know about Apple MacBook Pro battery replacement.
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.