[Full-disclosure] [TEHTRI-Security] Facebook Security Issues through HTML Iframes

---

• From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@xxxxxxxxxxxxxxxxxxx>
• Date: Mon, 12 Sep 2011 15:44:17 +0200

---

Gents,

Here are humble thoughts about potential security issues against
facebook end-users, thanks to html iframes and evil crafted profiles/pages:

http://www.tehtri-security.com/en/news.php?id=73

We also shared a tiny proof of concept with javascript stuff, tracking
issues, and phishing simulation to grab login/password of some facebook
users.

Notice that we didn't share offensive source code, as we don't want evil
people to play against facebook end-users. We just want to help people
at being more paranoid when they are on Internet, and Facebook is a
great place for that.

Best regards.

Laurent ESTIEUX (CTO TEHTRIS) & Laurent OUDOT (CEO TEHTRIS)


TEHTRI-Security - "This is not a Game"
[w] http://www.tehtri-security.com/
[t] @tehtris

Register to our international training (2011):

- Hack In The Box - Kuala Lumpur - "HUNTING WEB ATTACKERS"
http://conference.hitb.org/hitbsecconf2011kul/?page_id=274

- Black Hat - Abu Dhabi - "ADVANCED PHP HACKING"

https://www.blackhat.com/html/bh-ad-11/training/bh-ad-11-training_PHP.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

---

• Prev by Date: [Full-disclosure] [SECURITY] [DSA 2304-1] squid3 security update
• Next by Date: [Full-disclosure] Orion SolarWinds XSS attack
• Previous by thread: [Full-disclosure] [SECURITY] [DSA 2304-1] squid3 security update
• Next by thread: [Full-disclosure] Orion SolarWinds XSS attack
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Full-Disclosure  > 2011-09