When it was announced Graph Search of Facebook, many experts voiced their concern that the new feature could be used by phishers to obtain data from Facebook users. OR Trustwave, μία online εταιρεία security, πρόσφατα ανέπτυξε ένα script που το ονόμασε “FBStalker”And proves that these fears were justified.
It all started when a powerful public face από το Χονγκ Κονγκ ανέθεσε στην Trustwave να ερευνήσει αν θα μπορούσε κάποιος να πάρει τους κωδικούς πρόσβασης του. Οι ειδικοί μέσω της υπηρεσίας Graph Search του Facebook, ήταν σε θέση να διαπιστώσουν ότι η woman του είχε ένα στούντιο pilates. Έτσι της έστειλαν μια ψεύτικη ενημέρωση για την work her, and when she opened it to read, they were able to get her husband's passwords. This led them to create the FBStalker script, which the company first presented at the Hack in the Box security conference held in Kuala Lumpur.
The script works by searching for information, such as photos that two people have been "tagged" or commented on. It then uses the data to recognition of the associates of the person they are interested in. Most worrying of all, is that the script works even if someone has locked their profile. Of course, the powerful script does not stop there, it takes advantage of the entire web, to discover all the relationships of a person and not only their individual characteristics.
"No one can take back the posts of people on Facebook that could potentially be valuable in the hands of someone else." said Jonathan Werrett, Managing Director Trustwave.
"If you want to learn a lesson from all this, the lesson is that even if you are believed to be very careful about your privacy, such as your information, your friendships, or your posts, they can leak."