Facebook Vulnerability To 19-Year-Old Attack Discovered

It’s a good thing Facebook offers money to so-called “bug bounty hunters” to discover weaknesses in its own defenses. The holes these security experts discover are often startling, like the one researchers recently uncovered that exposed Facebook to a cyberattack method first used in 1998.

Facebook paid out a bounty to a trio of security researchers for discovering the flaw, which exploited a weakness in widely-used website encryption protocols. Despite being 19 years old, the researchers found that almost one-third of the top 100 domains on the web are still vulnerable to it. The bug would’ve effectively allowed hackers to intercept any information that passed from Facebook to its users — including passwords.

“If this attack works then essentially anything you think you are sending securely to Facebook, isn’t [secure],” said Alan Woodward, a professor at the University of Surrey’s Department of Computing. “[The] attack isn’t new, so it is surprising that it is reappearing, especially on such high profile systems.”

For its part, Facebook expressed gratitude to the researchers for discovering the problem, and said that it has since been fixed. The company also said it was “not aware” of any abuses of the vulnerability, though it’s been around for so long, it’s hard to be certain of that.

Recommended Resources

bitdefender trafficlightBitDefender Traffic Light is a free cross-browser add-on that intercepts, processes and filters all Web traffic, blocking any malicious content and taking browser security to new levels.

PIAPrivate Internet Access is an award-winning, cost-effective VPN solution. The use of an anonymous and trusted VPN is essential to your online privacy, security and identity protection.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!

Former Facebook VP Says Company Is “Ripping Apart” Society Previous post Former Facebook VP Says Company Is “Ripping Apart” Society Expert Warns Against Trusting Facebook With Our Data Next post Expert Warns Against Trusting Facebook With Our Data