12 Dec 08
Facebook ignores huge security hole for four months →
Facebook has been sitting on a nasty website flaw that for four months has made its users susceptible to malware and forgery attacks.
The cross-site scripting (XSS) error can be plainly demonstrated here and here. It allows a miscreant to trick a user into believing he is visiting Facebook when the vast majority of the content is being supplied by a website of the attacker’s choice.
