Date: Thu, 27 Oct 2011 09:40:49 +1100
From: GloW - XD <doomxd@...il.com>
To: Adam Behnke <adam@...osecinstitute.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Security risks in public APIs?

My own thought is, as long as Facebook continues to live, there will always
be that million people who will not bother to worry, because after all, it's
not their website, so, why even bother to use a secure API... if you know
your security enough then, it is a well known target for any attack and will
continue to be attacked as long as it stays big, it is a source of easily
gotten robots through spam and yes, bad links etc. within Facebook.
I know with MySpace, it was nonstop worms and these worms were darn good,
using trick flash plugin exact pages to do their bidding to "view a friend's
page" .... this kind of attacking and attacks will always happen, so, the
security info is great for some but, really if you keep things *small* and
monitor who you add to the list of friends, you should never be *owned*,
then again, there will always exist the better social engineers.
I will conclude by saying, I don't have any Facebook account, I have only
monitored what I have watched happen, over and over it seems with Facebook,
and continues to have undisclosed bugs in the app, so, I don't think any use
of it is secure, certainly not for minors, certainly not if you're on some
production box and using it either.. that'd be silly.
My own thoughts and my own opinions, as you asked for.
This little birdy says NO to FB :-(
xdab



On 27 October 2011 08:42, Adam Behnke <adam@...osecinstitute.com> wrote:

> Hello full disclosurites, what do you think about security in public APIs?
>
> Dan Morrill here at InfoSec Institute writes about how to insecurely and
> securely use APIs in the Facebook SDK:
>
> http://resources.infosecinstitute.com/api-security/
>
> Your thoughts?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
