Facebook started rolling out a new home page and navigation menus earlier today. And whenever Facebook adds new features, in this case the Applications and Games dashboards, there’s usually a new privacy setting as well. This is what part of the new Applications dashboard looks like
See the rest here:
New Facebook Home Page, Important New Privacy Setting
Ten of the Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Top Ten Web Hacking Techniques of 2009 (Official); Default https access for Gmail; new static analyzer from Google; Purported Interview With Facebook Employee Details Use Of ‘Master Password’; Software testing firm says no to responsible disclosure; Web-based systems vs
View original post here:
Best of Application Security (Friday, Jan. 15)
Facebook recently rolled out new privacy settings that provide additional publishing controls. For example, Facebook users can now publish a photo to a selected list of friends.
Every year the Web security community produces dozens of new hacking techniques documented in white papers, blog posts, magazine articles, mailing list emails, etc. These are not to be confused with individual vulnerability instances brandishing CVE numbers, nor with intrusions or incidents; they are actual new methods of Web attack. Some techniques target websites, others Web browsers, and the rest somewhere in between.
It has come to our attention recently that a website is giving out instructions on how to use a low-tech social engineering trick to view private Facebook profiles. To view the instructions, a third-party application must first be downloaded and installed. While this application is not malware, it may impact computer performance.
See more here:
A Wolf in Sheep’s Clothing
Ten of the Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order. Regularly released until year end. Then the Best of Application Security 2009 will be selected! Another fine method to exploit SQL Injection and bypass WAF; Security and Facebook Platform; When Is More Important Than Where in Web Application Security; Apple - XSS Attack; Cross-subdomain Cookie Attacks; PILOT: Production in lieu of testing (AgoraCart FAIL); Facebook and MySpace security: backdoor wide open, millions of accounts exploitable; SSL and TLS Authentication Gap vulnerability discovered; Using Blended Browser Threats involving Chrome to steal files on your computer; LinkedIN With ‘Bill Gates’. WhiteHat Security is a leading provider of website security services
Symantec recently reported a malicious spam campaign against Facebook, which is now accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail
View post:
Users of Social Networking Websites Face Malware and Phishing Attacks
Watching videos on Facebook is a popular activity, so it’s not surprising to find dozens of fake copycat sites being used to infect unsuspecting viewers with malware. Here’s one fake Facebook site with a malicious JavaScript that uses the old “Flash Player upgrade installation” trick - but with a slight twist. As usual, the viewer thinks they’re going to see a video, if they just upgrade their Player. But first they have to download and install the “upgrade”. The unusual thing is, this “upgrade” comes with a CAPTCHA pop-up. The request is displayed at random times and doesn’t actually do anything
See more here:
Fake Facebook, Fake Video, Fake CAPTCHA
Ten of the Application Security industry’s coolest, most interesting, important, and entertaining links from the past week — in no particular order.