Facebook apps accidentally leak personal data, Symantec says

By on May 11, 2011 at 5:22 PM.

According to security firm Symantec, some advertisers on Facebook may have had access to your personal profile, photographs and chats thanks to a security leak that was enabled by close to 100,000 Facebook applications. Thankfully, Symantec doesn’t think the advertisers ever knew that they had access to the personal data, and Facebook has already “taken corrective action to help eliminate this issue.” Symantec said that Facebook IFRAME applications were leaking “access tokens” — think of them as “spare keys” — that are granted to Facebook applications. While Facebook now uses OAuth 2.0 for authenticating users, hundreds of thousands of older applications still use a different authentication method. “There’s no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007,” the report said, but Symantec thinks some may still be available through log files on third-party servers. Symantec advises Facebook users to change their passwords to invalidate those floating access tokens.

Yahoo! fixes Windows Phone 7 and iPhone IMAP data leak issue

By on March 14, 2011 at 11:22 PM.

Yahoo! has reportedly fixed an IMAP bug that caused iPhone and Windows Phone devices to transmit loads of superfluous data over 3G. The bug worked like this: when a user went to check their email, the server would send more information to the user’s phone than was required to just check mail. This resulted in people accidentally consuming loads of rogue data each month. Microsoft first responded to the issue back in January after Windows Phone users began complaining about alerts stating that they were nearing their monthly data cap. On February 1st, Microsoft said that it had determined that the bug was caused by an inefficiency in the Yahoo! Mail email client and that the problem would be fixed in an upcoming update. Just two days later, programmer Rafael Rivera took the situation into his own hands, and during his investigation, discovered that the bug wasn’t just confined to Windows Phone 7 devices — it was also present on the iPhone. Just recently, Rivera updated his blog noting that Yahoo! had fixed the issue and had upgraded its software from version 0.7.65_12.286037 to version 0.7.65_14.298026.
