IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [facebook]

Facebook is an online social networking service founded in February 2004 by Mark Zuckerberg.

Facebook is an online social networking service founded in February 2004 by Mark Zuckerberg.

265 questions
554
votes
3 answers

Why can I log in to my Facebook account with a misspelled email/password?

I've been playing around with different login forms online lately to see how they work. One of them was the Facebook login form. When I logged out of my account my email and password were autocompleted by my browser. Then I decided to misspell my…
aMJay
  • 3,615
  • 5
  • 11
  • 20
190
votes
6 answers

Does Facebook store plain-text passwords?

I was about to reset my Facebook password and got this error: Your new password is too similar to your current password. Please try another password. I assumed that Facebook stores only password hashes, but if so, how can they measure passwords…
Michał Šrajer
  • 4,154
  • 4
  • 18
  • 21
140
votes
7 answers

Internet courtship: Why would a hacker buy me poker chips?

Believe me, I never expected to ever write a title like that on a Stack Exchange site either! Yesterday evening I got a call from my mother. She is quite tech savvy and generally knows her way around spam and viruses. However, yesterday she was…
Bram Vanroy
  • 991
  • 2
  • 6
  • 9
107
votes
5 answers

Should we store accesstoken in our database for oauth2?

I have a requirement to implement Facebook and Google login in my web application. I also need to access a user's Facebook/Google+ friend list. I have gone through the complete OAuth2 documentation of Facebook and Google. I understood the basic…
Deepak Kumar Padhy
  • 1,178
  • 2
  • 8
  • 7
92
votes
4 answers

I was tricked on Facebook into downloading an obfuscated script

I got a notification on Facebook: "(a friend of mine) mentioned you in a comment". However, when I clicked it, Firefox tried to download the following file: comment_24016875.jse This is an obfuscated script which seems to download an executable…
Nacib Neme
  • 1,194
  • 2
  • 9
  • 11
91
votes
5 answers

How does Facebook track your browsing without third party cookies?

Facebook has served me an ad for a website I visited earlier in the day. I have third party cookies disabled and have not followed any links between the website and Facebook (links which could contain a tracking ID connecting my Facebook account to…
Jesse
  • 761
  • 1
  • 6
  • 5
79
votes
3 answers

Does correcting misspelled usernames create a security risk?

Does correcting a misspelled username and prompting the user with a valid username introduce a security risk? I recently tried logging into facebook and misspelled my email. They prompted me with the message below. Log in as…
GER
  • 865
  • 1
  • 7
  • 9
62
votes
5 answers

Logged out of Facebook on all devices on a sudden. Should I be worried about being hacked?

A while ago, I was opening Facebook app on Android and then I got the message "Session expired. Please log in again.". I then tried logging in with my current password and was success to log in my account. Before, long time ago, when I created this…
MattCat15
  • 701
  • 1
  • 5
  • 6
61
votes
6 answers

Anonymity on Facebook - how do they suggest people I should know?

I want to know how Facebook discovers the people who you know in real life or who know you. I tried the following to see if Facebook can still discover my acquaintances in real life and suggest them to me as a friend. I connected using a VPN (an…
Neon Flash
  • 929
  • 2
  • 11
  • 17
48
votes
1 answer

Facebook password lowercase and uppercase

Recently I logged into my Facebook account and then noticed that my caps lock was on. So I tried to log in again with and without capslock on. I got in both times. Then I tried to log in with the first letter of my password in uppercase and the rest…
StuckBetweenTrees
  • 649
  • 5
  • 8
34
votes
4 answers

Does Facebook storing old passwords compromise security?

Facebook stores old password hashes (along with the old salt), such that if you try to log in with a previous password, Facebook tells you that you updated the password (and when). Nice user experience. Except this site isn't…
dave
  • 453
  • 4
  • 9
24
votes
2 answers

Why I am getting Facebook login pop up for every site?

My Chrome browser keeps prompting me for Facebook authentication, even though I have never logged on to Facebook from my PC. I am using Chrome browser from my company where they have a strong proxy to avoid social networking sites. Though, I never…
Anuj Tripathi
  • 359
  • 3
  • 7
23
votes
5 answers

Find IM user location via netstat?

I got sent an article today (http://hakerin.com/facebook-user-location-finder-noobs/). With the click-bait title "Facebook User location Finder" Of course I clicked it. Going through the "article" there is not a lot of details given. And I thought…
LoJoe
  • 355
  • 1
  • 2
  • 6
22
votes
3 answers

Best practices on securely storing access tokens

What would be the best practices for storing access tokens of another api for your users? In particular I'm developing an application with some friends that let's user log into Facebook to both authenticate to our internal REST api and make it able…
Joren Van Severen
  • 329
  • 1
  • 2
  • 6
22
votes
1 answer

Website seeing my Facebook data?

I recently visited opensecrets.org and was surprised to see a message box in the lower right corner of the window asking if I wanted to talk, and displaying my name. The pop-up says Chat with opensecrets.org in Messenger. As far as I know, I…
Bolton Bailey
  • 331
  • 3
  • 7
1
2 3
17 18