Hack in the Box

Facebook Stalker: the script that spoiled Facebook's security

When Facebook's Graph Search was announced, many experts expressed concern that the new feature could be used by phishers to obtain data from Facebook's users. Trustwave, an online security company, recently developed a script that it called "FBStalker", and it proves that these fears were justified.

It all started when a powerful public figure from Hong Kong commissioned Trustwave to investigate whether anyone could get his passwords. Using Facebook's Graph Search service, the experts were able to determine that his wife owned a pilates studio. So they sent her an update about her work, and when she opened it to read it, they were able to get her husband's passwords. This led them to create the FBStalker script, which the company first presented at the Hack in the Box security conference held in Kuala Lumpur.

The script works by searching for information such as the photos that people have been "tagged" in or have commented on. It then uses the data to identify the associates that they care about. Most disturbing of all is that the script works even if someone has locked their profile. Of course, the powerful script does not stop there: it takes advantage of the entire web to discover all of a person's relationships, and not only their individual characteristics.

"No one can take back the posts of people on Facebook that could potentially be valuable in the hands of someone else," said Jonathan Werrett, Managing Director of Trustwave.
"If you want to learn a lesson from all this, the lesson is that even if you are believed to be very careful about your privacy, such as your information, your friendships, or your posts, they can leak."

Written by giorgos