Open Source and information security mailing list archives
Message-ID: <4E6E0CB1.2090408@tehtri-security.com>
Date: Mon, 12 Sep 2011 15:44:17 +0200
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@...tri-security.com>
To: full-disclosure@...ts.grok.org.uk
Cc: Laurent Estieux <laurent.estieux-ml@...tri-security.com>
Subject: [TEHTRI-Security] Facebook Security Issues through HTML Iframes

Gents,

Here are humble thoughts about potential security issues against
facebook end-users, thanks to html iframes and evil crafted
profiles/pages:

http://www.tehtri-security.com/en/news.php?id=73

We also shared a tiny proof of concept with javascript stuff, tracking
issues, and phishing simulation to grab login/password of some facebook
users.

Notice that we didn't share offensive source code, as we don't want evil
people to play against facebook end-users. We just want to help people
at being more paranoid when they are on Internet, and Facebook is a
great place for that.

Best regards.

Laurent ESTIEUX (CTO TEHTRIS) & Laurent OUDOT (CEO TEHTRIS)

TEHTRI-Security - "This is not a Game"
[w] http://www.tehtri-security.com/
[t] @tehtris

Register to our international training (2011):
- Hack In The Box - Kuala Lumpur - "HUNTING WEB ATTACKERS"
  http://conference.hitb.org/hitbsecconf2011kul/?page_id=274
- Black Hat - Abu Dhabi - "ADVANCED PHP HACKING"
  https://www.blackhat.com/html/bh-ad-11/training/bh-ad-11-training_PHP.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/