On 20/09/2011 06:04, James Fife wrote: > I noticed a recent flaw in Facebooks security resolution process recently. > After being asked to confirm my identity simply because I was using a > different computer, I apparently took too long to > identify my friends in their photos. However, I was able to try two more > times before being locked out. In which case Facebook provided the exact same > photos with the same selection of people to name > in order to confirm my identity. What this means is that I could conceivably > attempt to logon to a victims Facebook account from an unauthorized device to > get such a prompt, and then take my time to > research the answers.
I dont have the link but there is a really neat image search engine. You point it at an image (file->save image as?) and it will hunt down the URLs referencing similar images. Have seen it used to find sites using "stolen" images - not sure if it would work with fb image archives but worth a try. Could prolly automate the whole thing with 20 lines of perl :-) Jacqui _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/