[Owasp-ireland] A new Facebook flaw

Liam O Murchu liam_omurchu at symantec.com
Thu Mar 12 17:59:46 EDT 2009

Hi there,
	Here's another article talking about accessing face book photo albums too although using a different technique from the one you show below Dave.

Liam O Murchu
Sr. Software Engineer 
Security Response
Symantec Corporation 

Office: (424) 750-7851
Mobile: (310) 227-0829
liam_omurchu at symantec.com

-----Original Message-----
From: owasp-ireland-bounces at lists.owasp.org [mailto:owasp-ireland-bounces at lists.owasp.org] On Behalf Of davidrook
Sent: Thursday, March 12, 2009 1:52 AM
To: owasp-ireland
Subject: [Owasp-ireland] A new Facebook flaw

Hi everyone

I just wanted to share some information with you all. I was doing some 
research for a presentation last week and I came across a flaw in 
Facebook, in short it allows you to access any users photo albums 
without being a friend, being given the public link directly, being in a 
group with them, being logged in etc etc

The full details can be found here: http://securityninja.co.uk/blog/?p=198


David Rook      
Security Analyst
Realex Payments
Enabling thousands of businesses to sell online. 

Realex Payments Dublin: 
Castlecourt, Monkstown Farm, Monkstown, Co Dublin. Ireland
t: +353 (0)1 2808559 | f: +353 (0)1 2808538  | www.realexpayments.com

Realex Payments London: 
1 Lyric Square, Hammersmith, London W6 0NB, United Kingdom. 
t: +44 (0)20 3178 5370 | f: +44 (0)20 7691 7264  | www.realexpayments.co.uk

Realex Payments Paris: 
27 avenue de l'Opéra, 75001 Paris. France. 
t: +33 (0)1 70 38 51 37  | f: +33 (0)1 70 38 51 51 

Visit our other Realex Payments websites:

Pay and Shop Limited, trading as Realex Payments has its registered office at Castlecourt, Monkstown Farm, Monkstown, Co. Dublin, Ireland and is registered in Ireland, company number 324929.
This mail and any documents attached are classified as confidential and are intended for use by the addressee(s) only unless otherwise indicated. If you are not an intended recipient of this email, you must not use, disclose, copy, distribute or retain this message or any part of it. If you have received this email in error, please notify us immediately and delete all copies of this email from your computer system(s). 

Owasp-ireland mailing list
Owasp-ireland at lists.owasp.org

More information about the Owasp-ireland mailing list