Facebook almost poned in website fraud.
| Position | YOUR LIFE |
A Facebook security vulnerability discovered by a pair of doctoral students at the School of Informatics and Computing at Indiana University, Bloomington, that allowed malicious websites to uncover visitors' real names, access their private data, and post bogus content on their behalf has been repaired, Facebook maintains.
The vulnerability discovered by Rui Wang and Zhou Li enabled malicious websites to impersonate legitimate ones, then obtain the same data access permissions on Facebook that those legitimate websites had received. Wang and Li say the vulnerability occurred when a user informed Facebook of his or her willingness to share information with popular websites like ESPN.com or YouTube. Whenever a website makes such a request to Facebook, via the user's browser, Facebook passes a secret random string called an authentication token back to the requester for identification. Whoever holds that authentication token can convince Facebook that he or she is, let us say, ESPN.com, and then gain unfettered access to the shared data.
[ILLUSTRATION OMITTED]
Facebook confirmed the discovery and, in a statement, said the problem has been repaired and that the belief was that no sites had been compromised.
The researchers identified a flaw in the way the token was transmitted using two flash objects: one inside Facebook's iframe passes the token to the second, which, in this case would be embedded at ESPN.com. The transfer mode can be selected through "transport='flash'" with the security guarantee being that both flash objects are supposed to come from the same domain (Le., Facebook) before they can talk.
The researchers found, however, that such a same-domain assumption is not always valid because Adobe Flash allows cross-domain communication with an unpredictable domain name that is prepended by an underscore symbol in the connection name. This allows an attacker website to steal an authentication token by choosing the "transport='flash'," repeating the...
To continue reading
Request your trialCOPYRIGHT GALE, Cengage Learning. All rights reserved.
Subscribers can access the reported version of this case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a list of all the cited cases and legislation of a document.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a list of all the documents that have cited the case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see the revised versions of legislation with amendments.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see any amendments made to the case.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.
Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.
You can sign up for a trial and make the most of our service including these benefits.
Why Sign-up to vLex?
-
Over 100 Countries
Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
-
Thousands of Data Sources
Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
-
Find What You Need, Quickly
Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
-
Over 2 million registered users
Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.