Facebook is susceptible to certain types of attacks that could allow someone to hijack an account while a user is interacting with another Web site, a security researcher warned on Monday.
Reseacher Nitesh Dhanjani also said a design flaw in Facebook is granting third-party apps permission to access user profile data without express approval from users.
Facebook used to display a pop-up window warning users when they added any third-party app that doing so would authorize the app to get access to user profile information. This allowed users to change their mind before adding the app. The company has changed … Read more