Over the past couple of years, Facebook has suffered from many privacy flaws, and hackers are continuously developing new methods for phishing user passwords. Today XSSED posted about a new set of cross-site scripting vulnerabilities. Now that the vulnerabilities have been posted, Facebook will most likely resolve the issues within hours, but it’s clear that Facebook has become one of the primary targets for hackers online. According to Dimitris Pagkalos of XSSED, it’s not even safe to accept friend invitations from people you don’t know. “The reason is that a Facebook profile contains enough personal information which can be studied by fraudsters in order to create special phishing attacks or malware targeted to individual users or businesses.”
Over the past few weeks, the number of users infected by the Koobface virus has surged, and the virus has since expanded to other social networks. The virus captures a user’s password, and then logs in as that user to post links within messages and wall posts targeted at the user’s friends. The result is that malware infects their friends’ computers and the infection cycle continues.
Facebook, other social networks, and virus experts have yet to find a resolution for the “Koobface” virus. I’m guessing that we’ll see many more viruses and security flaws like the one posted by XSSED today. As Facebook’s user base has surged beyond 130 million users, it’s not surprising to see a continued surge in attacks targeted at the site. Have you been a victim of any of these viruses or privacy vulnerabilities?