[now fixed] Facebook refuses to fix obvious security flaw

[ UPDATE:  Facebook has reversed itself and fixed this vulnerability ]

ZDNet.com reports:

The Register’s Dan Goodin has the scoop on an obvious security vulnerability that’s being ignored by the powers at Facebook.

The issue, as demonstrated by this proof-of-concept, shows how a social network application can be rigged to hijack a Facebook user’s session identification cookies, deliver pop-up messages or change the color of Facebook pages.  Continue reading “[now fixed] Facebook refuses to fix obvious security flaw”

The ugly truth: Satan, social networks and security

This is mostly a geek-read, so let me sum it up for you.  The more apps you add to facebook and myspace, the less safe you are.  Don’t add people you don’t know well (ouch, log in my own eye) and use unique passwords for each account. This or this may help.

“A quick (and very much incomplete) hall of shame here includes MySpace, LiveJournal, and Hi5, all of which we’re surprised haven’t sunk into the East Bay under the weight of their own pwnability.”

More here >> The ugly truth: Satan, social networks and security.

KeePassX gets better!

I have a ton passwords.  I like strong and unique passwords for every site.

I love the password safe – Keepass.  It’s great and runs from a jump drive so I always have my passwords with me.  When I went to Linux, I was still able to use my keepass data thanks to a great fork KeePassX.

But I lost my auto-type feature – which i became dependent on. And closing the application always really closed it instead of sending it to my task bar like the windows version.  Well worry no more! The latest update has fixed all that and I’m fly through sites with random and difficult passwords like:

16AIC|dT4H0R:rKm}^2}!n,!f

Gotta love it!

Linux and Mac: KeepassX: keepassx.org

Windows version is available here: keepass.info