One new article link has been added to our Related News page. PC World published an article titled Researcher releases tool that can hijack accounts on sites using Facebook Login.
A new tool allows hackers to generate URLs that can hijack accounts on sites that use Facebook Login, potentially enabling powerful phishing attacks.
The tool, dubbed Reconnect, was released last week by Egor Homakov, a researcher with security firm Sakurity. It takes advantage of a cross-site request forgery (CSRF) issue in Facebook Login, the service that allows users to log in on third-party sites using their Facebook accounts.
Homakov disclosed the issue publicly on his personal blog in January 2014, after Facebook declined to fix it because doing so would have broken compatibility with a large number of sites that used the service.
Source: PC World