Researcher Takes on Facebook Flaws Project For September

During the month of September, a security researcher with the web name "theharmonyguy" will reveal the details of cross-site scripting vulnerabilities found within many Facebook applications.

Facebook, among other social networks have had their fair share of attacks ranging from the malicious Twitter messages, DDoS attacks, and XSS holes (cross-site scripting vulnerabilities) found in Facebook applications that can compromise login credentials. A security researcher who is acknowledged for checking the security and privacy of social networking apps, known as "theharmonyguy", has promise to disclose the technical aspects of cross-site scripting vulnerabilities discovered in Facebook applications.

Applications developed for the social networking mammoth known as Facebook are very plentiful and sometimes composed of apps that have vulnerabilities. Such applications can potentially expose a user’s username and password to a remote attacker.

You may ask, what can a hacker do with your login information for Facebook? The fact of the matter is, many computer users have the tendency to use the same username and password on multiple websites which gives hackers access to other online accounts besides Facebook. If you use the same login credentials for your banking account or PayPal, then it is possible for an attacker to gain access to additional personal information in addition to allowing someone to have free-run of your money.

The discovery of five vulnerabilities has already been made this month by theharmonyguy, who is off to a good start in finding Facebook applications with XSS Holes, which has been posted to his Twitter account with the tag #FAXX to showcase his progress in this endeavor.

The battle to combat rogue applications within social networks such as Facebook has only begun. It seems there is a lack of "social network cops", or those who look for applications that can literally turn a social network user’s life into an identity theft crisis. This is why theharmonyguy among other security experts have taken it upon themselves to discover and reveal the details of these vulnerabilities to ultimately help others.