lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 08 Jan 2010 13:32:14 +0100
From: Carlos <carsato1@...oo.es>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Facebook Query Language (FQL) security issue

First of all, please excuse my language, it needs to be improved.

I did try the FQL query with three test accounts of mine and It was
successful. I could take the albums id and then the src of the pictures
in a particular album. Well, It isn't so difficult but you need some
knowledge or someone giving to you the code to paste to get the
information. I mean, it can be done when anyone has interest.

Did you told to Facebook about?
Do you have an answer from facebook yet?


Zerial. wrote:
>
> We have no privacy from FQL developers.
> Anyone with facebook account can use FQL.
> Then anyone can see our data.
>
> http://mkdot.net/blogs/slavco/archive/2009/12/29/11338.aspx
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists