
A few weeks ago, three separate cross-site scripting
(XSS) vulnerabilities on Facebook sites were uncovered within a period
of about 10 days. At least two of these holes were used to launch viral
links or attacks on users – and it’s clear that attacks against Facebook
users are becoming increasingly sophisticated.

The first issue came from a page on the mobile version of Facebook’s
site. The interface was a prompt for posting stories to a user’s wall,
and the parameter for the text of the prompt did not properly escape
output. On March 28, a blogger identifying themselves as “Joy
CrazyDaVinci”...