[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Security risks in public APIs?



My own thoughts is, aslong as FaceBook continues to live, there will always
be that million people who will not bother to worry, because afterall, its
not theyre website, so, why even bother to use a secure api... if you know
your security enough then, it is a well known target for any attack and will
continue to be attacked aslong as it stays big, it is a source of easily
gotten robots through spam and yes, bad links etc within facebook.
I know with myspace, it was nonstop worms and these worms were darn good,
using trick flash plugin exact pages to do theyre bidding to "view a friends
page' .... this kind of attacking and attacks wil always happen, so, the
security info is great for some but, really if you keep things *small* and
monitor who you add to the list of friends, you should never be *owned8 ,
then again, there will always exist the better social engineers.
I will conclude by saying, i dont have any facebook account, i have only
monitored what i have watched happen, over and over it seems with facebook,
and continues to have undisclosed bugs in the app, so, i dont think any use
of it is secure, certainly not for minors, certainly not if your on some
production box and using it either.. thatd be silly.
my own thoughts and my own opinions, as you asked for.
This little birdy says NO to FB :-(
xdab



On 27 October 2011 08:42, Adam Behnke <adam@xxxxxxxxxxxxxxxxxxxx> wrote:

> Hello full disclosurites, what do you think about security in public APIs?
> ****
>
> ** **
>
> Dan Morrill here at InfoSec Institute writes about how to insecurely and
> securely use APIs in the Facebook SDK:****
>
> ** **
>
> http://resources.infosecinstitute.com/api-security/****
>
> ** **
>
> Your thoughts?****
>
> ** **
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/