Tuesday, November 03, 2009

Facebook has holes in its mobile web authentication

From www.jumpingmoose.ca:

A Facebook user awoke to find this phrase on her list of Wall posts:

"[FB User] made $130 today working at home! go to WorkHomeMyself.com to see how you can start also! jdx"

It was posted via the "Mobile Web" and the user doesn't have that functionality set up, so Facebook may be facing a real flaw in their authentication if hackers can slapshot a post into an account, bypassing users' authentication and FB's system set-ups. At present, there is no sign of people with Mobile Web enabled being hacked.
Thanks: WorkHomeMyself.com


Where are these scamsters from? China.


Whois Server: grs.hichina.com

