Hi,

You may have heard about a recent security hole in facebook.com (you know, the #2 website in the Alexa ranking). The pages of French president Nicolas Sarkozy and Facebook’s CEO Mark Zuckerberg were recently hijacked.

How it works: the attackers used a cross-site scripting (XSS) vulnerability to steal session cookies.


French security website zataz.com has just released an article about the method used. A hacker used a fake identity, a certain Roy Castillo. The hackers used many identities, but that « Roy » was the most influential one. As reported on Twitter and Zataz, the hackers even bought the domain fr-fr-facebook.net to convince people to enter their personal information. Be careful if that « Roy » or someone else you don’t know tries to invite or contact you to join groups: they are all hosted on the infected page!

For information, this security hole was publicly reported yesterday (26/01/11) and fixed this morning (27/01/11).

Here is a mirror of the infected Facebook page with the effective XSS vulnerability.

If you think you have been compromised by the script, first of all clear your cookies and change your password. Facebook is trying to set up HTTPS access to its platform and is developing a system to prevent suspicious account password recovery, « Social Authentication »: when you reconnect after a suspicious move on your account, Facebook asks you to prove your identity by selecting friends from randomly picked pictures of them. If you don’t make too many errors, you’ll be allowed to log on.
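The friend-picture challenge described above, as an added example and not Facebook’s own code: a small Python sketch of a social-authentication step that builds rounds from a user’s friend list, uses non-friends as decoy names so each round has exactly one valid answer, and accepts the login only if the number of wrong or missing answers stays within a tolerance. The round count, decoy count, error tolerance and sample friend data are assumptions, not Facebook’s real values.

```python
import random
import secrets
from dataclasses import dataclass

# Constructed sample data: the user's friends (name -> photo id) and a pool of people
# the user is NOT connected to, whose names serve as decoys in each round.
FRIENDS = {"alice": "photo_alice.jpg", "bob": "photo_bob.jpg", "carol": "photo_carol.jpg",
           "dave": "photo_dave.jpg", "erin": "photo_erin.jpg", "frank": "photo_frank.jpg",
           "grace": "photo_grace.jpg"}
STRANGERS = ["heidi", "ivan", "judy", "mallory", "niaj", "olivia", "peggy", "rupert", "sybil"]


@dataclass
class Challenge:
    rounds: list      # each round: {"photo": str, "options": [names], "answer": str}
    max_errors: int   # tolerance: how many rounds may be answered wrongly


def build_challenge(friends, strangers, rounds=5, decoys=5, max_errors=2, seed=None):
    """Pick `rounds` distinct friends. For each, the user is shown that friend's photo
    and a list of `decoys` + 1 names, of which only one is actually a friend.
    Decoys come from non-friends so a round never has two valid answers.
    `seed` exists for reproducible tests only; production uses the OS CSPRNG."""
    rng = secrets.SystemRandom() if seed is None else random.Random(seed)
    picked = rng.sample(list(friends), rounds)
    out = []
    for name in picked:
        options = rng.sample(strangers, decoys) + [name]
        rng.shuffle(options)  # hide the answer's position in the list
        out.append({"photo": friends[name], "options": options, "answer": name})
    return Challenge(out, max_errors)


def verify(challenge, answers):
    """Return True when wrong plus missing answers do not exceed the tolerance.
    Every round is counted, so skipping rounds cannot be used to avoid errors."""
    wrong = sum(1 for r, a in zip(challenge.rounds, answers) if a != r["answer"])
    missing = max(0, len(challenge.rounds) - len(answers))
    return wrong + missing <= challenge.max_errors
```

A failed attempt should receive a freshly built challenge and count against a lockout, so the decoy set cannot be learned by retrying the same rounds.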

More infos/screenshots soon…

28/01/11: Got some news.

Got the sources Roy Castillo used:

fr-fr-facebook.net