[Khuyên] Bạn nên đổi mật khẩu của facebook - 11/5/2011

Facebook confirmed a security problem with their old, proprietary authentication system: When using Facebook Apps like games or similar, the access token – something like a key to your Facebook account – could leak to some advertisers which were showing ads then. With this access token, it is possible to impersonate the user: Post in the users name, getting access to all information and so on. Facebook say that they now have taken counter measures so these leaks can’t occur anymore – but in the old logfiles of the advertisers, those access tokens can still be found. As Facebook now support OAuth 2.0, the company advises App providers to switch to this open and mature authentication system – which Google, Yahoo, Twitter and so on support as well. Users should change their Facebook password, which invalidates the old access token and generates a new one. This way, advertisers can’t abuse the token anymore even if they start data mining their logfiles for access tokens now

Old Facebook Authentication Flow:

<?php
  $url='http://www.facebook.com/login.php?api_key=[YOUR_API_KEY]    
  &connect_display=popup&v=1.0&next=[YOUR_URI]
  &cancel_url=http://www.facebook.com/connect/login_failure.html
  &fbconnect=true&session_key_only=true';

  header('location:' . $url);
?>
.....
....
Source: 
https://developers.facebook.com/blog/post/497

http://techblog.avira.com/2011/05/11/change-your-facebook-password/en/

http://hueniverse.com/2010/05/introducing-oauth-2-0/

Comments

Popular posts from this blog

[Hack crack] Tổng hợp Google Dork

[Hack Crack] Full SQL inject cheat sheet - DarkGh0st Team

[Hack crack] Tổng hợp Google Dork 1