
Skype and Dropbox almost let your Facebook Get Hacked

By Gerad Hoyt
Posted Apr 5, 2013 in Internet
Good thing white hat hacker Nir Goldshlager is around, because he may have just stopped hackers from getting into your Facebook account. For those who don't know, he's one of the top white hat hackers in the world.
Earlier this week Goldshlager helped both Skype and Dropbox fix a major security flaw that could have allowed hackers to take over users' Facebook profiles. The flaw is what's known as an open redirect vulnerability: a website doesn't validate the URL it sends visitors (and their access tokens) on to. A site that doesn't validate its redirects can hand a hacker a great deal of personal information; open redirects, for example, are commonly used in phishing attacks.
Neither Skype nor Dropbox was validating its redirects, so if a hacker knew someone who had connected their Facebook account, they could use Facebook's Graph API Explorer to find that person's Facebook user ID. All the hacker would have needed to do was craft the right metrics.skype.com URL with that user ID attached, then redirect to a site they controlled to capture the person's Facebook access token. After that the hacker could do anything Skype or Dropbox had been given permission to do, such as post to the victim's wall.
Goldshlager is no stranger to Facebook-related vulnerabilities; he actually sits at the top of Facebook's White Hat Thank You list (literally) for reporting the most bugs. So thanks to Mr. Goldshlager for keeping the web safe once again!
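To make the flaw concrete from the defender's side, here is an added example (not code from Skype, Dropbox, Facebook or Goldshlager) of the difference between a redirect handler that forwards visitors to whatever URL it is handed and one that checks the destination against an allowlist first. The hostnames, the allowlist and the sample inputs are constructed for illustration; the checks cover the usual tricks that slip past naive validation (scheme-relative `//host` URLs, `user@host` confusion, non-HTTP schemes and backslash variants).

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this application is willing to redirect to.
ALLOWED_REDIRECT_HOSTS = {"example.com", "www.example.com"}


def vulnerable_redirect_target(next_url: str) -> str:
    """The open-redirect pattern the post describes: the 'next' parameter is
    trusted as-is, so any URL (and whatever token rides along in the fragment
    or query string) ends up wherever the caller says."""
    return next_url


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> bool:
    """Return True only for a root-relative path or an absolute http(s) URL
    whose host is on the allowlist."""
    if not target:
        return False
    # Browsers treat "/\evil.example" like "//evil.example"; reject backslashes outright.
    if "\\" in target:
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if parts.netloc:
        # Absolute or scheme-relative URL. Require an explicit http(s) scheme and
        # compare the parsed hostname, which ignores any "user@" prefix an attacker
        # might use to make the netloc *look* like an allowed host.
        if parts.scheme not in ("http", "https"):
            return False
        host = (parts.hostname or "").lower()
        return host in allowed_hosts
    # No netloc: anything with a scheme ("javascript:", "data:") is not a path.
    if parts.scheme:
        return False
    # Only root-relative paths remain acceptable.
    return target.startswith("/")


def safe_redirect_target(next_url: str, default: str = "/") -> str:
    """Hardened handler: fall back to a known-good location instead of
    following an unvalidated destination."""
    return next_url if is_safe_redirect(next_url) else default


if __name__ == "__main__":
    # Constructed sample destinations a login flow might receive in its 'next' parameter.
    samples = [
        "/account",
        "https://www.example.com/callback",
        "//attacker.example/steal",
        "https://example.com@attacker.example/",
        "javascript:alert(1)",
        "/\\attacker.example",
    ]
    for s in samples:
        print(f"{s!r:45} vulnerable -> {vulnerable_redirect_target(s)!r:45} "
              f"hardened -> {safe_redirect_target(s)!r}")
```

The hardened version deliberately rejects scheme-relative URLs even when they point at an allowed host; requiring an explicit `https://` keeps the rule simple to reason about and to audit.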
