Facebook Session Cookie Hacking

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › Social networks, social media and tools › Facebook Session Cookie Hacking

Cyris

121 posts

Master Geek

#78858 9-Mar-2011 17:13

Hey guys,

Just wanted to warn you on something that seems to be spreading rapidly fast.

It seems hackers figured out how to post to your Facebook profiles by you accidentally visiting their malicious website, there's no apps, there's no permissions, if you're logged into Facebook and click on their website it will post to your Facebook, I suspect it has something to do with your browser cookies. I'm going to research this and write up a blog post explaining it and how to protect yourself against it.

So don't go clicking on any dodgy looking videos posted by your friends on Facebook, or visit any malicious links.

If you do accidentally fall for it, make sure to visit your Facebook profile immediately and check to see if anything is posted to your wall, if it is then click the little cross that appears on the top right of the post "Remove AND Unlike"

I'll update this post with more details when I do some more research into this.

[Moderator edit (MF): moved to other forum]

oldmaknz

536 posts

Ultimate Geek

#447021 9-Mar-2011 17:33

[citation needed]

Regs

4066 posts

Uber Geek

Trusted

Snowflake

#447022 9-Mar-2011 17:36

i *think* that if you are using Internet Explorer and you add facebook.com to your trusted sites, any other sites that are out of the trusted list which try to post to facebook.com will fail.

if you can reproduce the 'hack', then give that a go and see if it mitigates it.

Sales Engineer
Snowflake
www.snowflake.com

about.me/nzregs
Twitter: @nzregs

Cyris

121 posts

Master Geek

#447035 9-Mar-2011 18:01

Turning on SSL seems to have stopped the one malicious website but not the other.

As far as I can make out, it's Javascript that is initiating the whole "Like and Posting" on your Facebook wall.

News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

RSS feeds: Main feed; Forums feed

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Affiliate links: Samsung; AliExpress; Wise; Sharesies; GoodSync

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright