In association with heise online

21 February 2011, 14:54

Security vulnerabilities galore in social networks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A new web site,, has been set up to publish details of security vulnerabilities in social networks such as Facebook, Lokalisten,, and XING. Most of the vulnerabilities listed could be exploited for cross-site scripting (XSS) attacks., for example, contains one such vulnerability which allows contacts' cookies to be stolen. The team behind also found several vulnerabilities on XING. On Facebook, phishing attacks can be carried out by using a forwarding script which, using a Facebook link, generates an HTTP login query with readily viewable content. Some web site operators have still to respond to vulnerability disclosures. Our colleagues at heise Security were still able to reproduce the XSS vulnerability on Kwik on Monday afternoon.

The project was founded in order to provide social network users with the opportunity to find out about open security vulnerabilities and to protectGerman language link themselves from the associated risks. The team behind the web site, who wish to remain anonymous, also hope that their project will heighten awareness of security issues among web site operators. Basic tipsGerman language link are also provided to help administrators secure their sites. (Both of these pages of tips are currently only available in German.) Following in the footsteps of Wikileaks, the team has announced its intention to publish information on vulnerabilities in and shortly. Visitors to the site are also encouraged to report vulnerabilities in social networks.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit