Ever since the 2016 presidential election, Facebook has had a particularly difficult time getting away from bad press, with public Senate hearings, additional security and privacy breaches, and a continual decline in usage among teens and millennials. But amid its reconstruction effort comes some occasionally good news. This time it comes from a cybersecurity firm called Imperva, who recently worked with Facebook to fix a big before it became a problem.
Instead of scrambling after the fact to patch a hole under intense public scrutiny, Facebook was quietly notified months ago about a potential issue with iframes. Inline frames, or iframes, are a method of delivering web page content to your browser from multiple sources (separately from the system for displaying ads).
Facebook search wasn't set up at the time for protection against cross-site request forgery, which means that it inherently trusted the browser that you used to navigate the site. This is normal for online search tools, but Facebook's implementation of iframes theoretically allowed a hacker to intercept private user data, and that of their Facebook friends.
Search results on Facebook can tell you what pages you like, the people you know on the social network, details about those other people such as where they're located, what their religious and political affiliations are, and other personal details. Notably, because these searches would appear to be conducted by the user, whose login and browser had been authenticated by Facebook, search results wouldn't be affected by the user's privacy settings.
FOLLOW Download.com on Twitter for all the latest app news.
Thankfully, it appears that this security hole never became another nasty headline for Facebook. Instead, Imperva security researcher Masas says in the announcement, "Having reported the vulnerability to Facebook under their responsible disclosure program in May 2018, we worked with the Facebook Security Team to mitigate regressions and ensure that the issue was thoroughly resolved."
It should be noted, however, that a breach affecting up to 50 million users happened within this same time frame, so Facebook's overall security scorecard remains problematic. The company is reportedly shopping around for a security firm to bring in-house to beef up its protections, and recent tests of its ad verification system indicate that there will be some problems to deal with right away.
- Facebook collaborated with a cybersecurity firm called Imperva to identify and fix a potential security hole, which was originally reported to them in May.
- A hacker could have theoretically impersonated a logged-in user and extracted private information via Facebook's personalized search function.
- However, Facebook's overall security status remains problematic, as evidenced by a recent test of its ad buyer verification system.
- Facebook breakup and tech regulation are on Senator Mark Warner's radar
- Facebook Messenger offers multimedia preview of latest James Patterson novel
- WhatsApp VP confirms that the chat app will display ads 'in the future'
- Facebook failed to monitor partners' handling of user data (CNET)
- Facebook beats Q3 earnings expectations, but user growth remains tepid (ZDNet)
- Why the Facebook/Cambridge Analytica scandal makes connecting with voters more difficult (TechRepublic)