Facebook details how it handles new form of hacking attack


A new Facebook (s fb) engineering blog post highlights how the company is trying to counter the threat of browser reconnaissance and exfiltration via adaptive compression of Hypertex (BREACH) attacks, which security researchers warned about last August.

BREACH attacks can be linked to the security measures an organization might use when dealing with cross-site request forgery (CSRF) attacks, which target websites that have user accounts, according to Chad Parry, a member of Facebook’s security and infrastructure team based in London.

In the case of an CSRF attack, an attacker can impersonate a user and trick the user’s browser to either send spam or steal information in the form of web requests to whatever website a user might have an account with, Parry wrote.

While companies like Facebook could use a CSRF token as a marker that indicates whether the user is real or a hacked account, to prevent an attack, the…

View original post 199 more words


Leave a Reply if you wish

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s