Facebook mends security flaw that threatened users

The latest update to Facebook's mobile app has fixed a security flaw that could have seen users' mobile phone bills suddenly increase.

The vulnerability made it possible for scammers to cause a denial-of-service attack on the device or run up the victim's phone bill by transferring large amounts of data to and from the handset.

Researchers at a foundation in Argentina discovered the flaw, which lies in the way the app handles HTTP requests. As part of the video playback process, the app runs an HTTP server that accepts requests from any client, making it vulnerable to attack.

"The application embeds a generic HTTP server component that is used as a caching proxy for playing video recordings. This server is misconfigured and accepts requests from any client, local or remote, allowing attackers to connect to it and use a victim's device as an open proxy. As a result, among other things, an attacker could carry out various forms of denial of service attacks such as filling up the device's storage or running up the subscriber's data transfer limit over 3G or LTE networks," the report said.
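The following is an added example, not code from Facebook or from the researchers' report. It sketches in Python the two restrictions a local video caching proxy needs so that it cannot be used as an open proxy: listen on loopback only, and refuse requests from non-local peers or for hosts outside an allowlist. The host name `video.example.com` and all function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: the only upstream the cache may fetch from (hypothetical host).
ALLOWED_UPSTREAMS = {"video.example.com"}

def is_loopback_peer(addr: str) -> bool:
    """True only for 127.0.0.0/8, ::1 and IPv4-mapped loopback addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                        # ::ffff:127.0.0.1 -> 127.0.0.1
    return ip.is_loopback

def should_serve(peer_addr: str, target_url: str) -> bool:
    """Serve only local clients asking for an allowlisted upstream."""
    if not is_loopback_peer(peer_addr):
        return False                               # remote client: refuse
    parts = urlsplit(target_url)
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_UPSTREAMS

def open_listener(bind_host: str = "127.0.0.1") -> socket.socket:
    """Create the cache's listening socket on loopback.
    Binding to 0.0.0.0 instead would expose it on Wi-Fi and cellular interfaces."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_host, 0))                       # port 0: OS picks a free port
    srv.listen(8)
    return srv

def handle(conn: socket.socket, peer_addr: str) -> int:
    """Read one proxy-style request line ('GET <absolute-url> HTTP/1.1')
    and answer 200 or 403 without fetching anything."""
    fields = conn.makefile("rb").readline(4096).decode("latin-1").split()
    ok = len(fields) == 3 and fields[0] == "GET" and should_serve(peer_addr, fields[1])
    status, reason = (200, "OK") if ok else (403, "Forbidden")
    conn.sendall(f"HTTP/1.1 {status} {reason}\r\nContent-Length: 0\r\n\r\n".encode())
    return status

if __name__ == "__main__":
    srv = open_listener()
    print("listening on", srv.getsockname())       # always a 127.0.0.1 address
    conn, peer = srv.accept()
    print("answered", handle(conn, peer[0]))
    conn.close()
    srv.close()
```

The peer check duplicates what the loopback bind already enforces, so a later change to the bind address does not silently reopen the proxy.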

The update also fixes two other security flaws within the Facebook app, one that allows attackers to intercept video content and another that could leak audio recordings of chat messages. The latter issue was also present in the Facebook Messenger application for Android.

The Facebook app vulnerabilities were fixed with the release of version earlier this month.

