BugTraq
Facebook Information Disclosure Jun 21 2013 09:40PM
Packet Storm (bugtraq packetstormsecurity org) (1 replies)
Re: Facebook Information Disclosure Jun 24 2013 07:55PM
Jeffrey Walton (noloader gmail com) (1 replies)
Re: Facebook Information Disclosure Jun 25 2013 07:44AM
terry white (twhite aniota com)
... ciao:

: on "6-24-2013" "Jeffrey Walton" writ:
: On Fri, Jun 21, 2013 at 5:40 PM, Packet Storm
: <bugtraq (at) packetstormsecurity (dot) org> wrote:
: From the write-up:

: ]] It was clear that Facebook attacked the disclosure flaw properly, but
: ]] concerns still remain about the fact that dossiers are being built

: If you don't want your data analyzed, inspected, shared, mishandled,
: lost or stolen, then don't provide to social networking experiments,
: clouds and drop boxes in the first place.

that advice is as sage, as it is misplaced. preaching to the choir
comes to mind. my concern, is the congregation that has no clue as to the
implications of the message.

for example: the thought of someone running 'arbitrary code' is a
really scary prospect to me, but to most, 'arbitrary' means, "doesn't
matter". i am at something of a loss in understanding 'why' the "user"
community is less concerned than it is. it would be partially correct to
'blame' it for its addiction to fluff.

however, 'pdf', 'js', et al, have a robust history as attack vectors.
'that' is not the user's fault, but it is "our" dilemma. i have a hunch,
any meaningful solution, is going to put the 'middlemen', between a rock
and a hard place. the 'i ching' warns against 'blaming someone' for what
they do not know. that suggests 'we' either "educate", or "protect" if
we're serious in what we're doing ...

--
... it's not what you see ,
but in stead , notice ...
