

Facebook wants its 1.2 billion users to know that it’s working hard to protect them against a sophisticated hack attack known by security experts as BREACH.

Internet security experts said the effective malware has been around, in different forms, for over a decade. BREACH works by interacting with the technology that traditionally protects against a different attack known as CSRF, or “cross-site request forgery,” Facebook said in a blog post.

A Facebook spokesperson referred all requests for comments here.

The Menlo Park, Calif.-based social network explained CSRF this way:

“CSRF is a well-known technique used against websites with user accounts. The attacker convinces the victim’s browser to send plausible web requests to the target website. The browser is easily fooled because cross-domain requests are commonplace and have many legitimate uses. If the trick works, the attacker can impersonate their victim and send spam or steal information from one of the websites where the victim has an account.”

Thus far, Facebook said, it has managed to beat back serious BREACH and CSRF assaults. If an attacker can, for example, figure out a user’s encrypted CSRF token, the attack stands a better chance of penetration.

Platforms like Facebook prevent CSRF attacks by issuing the user a secret “CSRF token.” No Web request may take an action on behalf of someone unless it also presents that person’s token. Facebook said that if attackers cannot easily discover the CSRF token, they generally aren’t able to impersonate the intended victim.
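The token check described above can be sketched as follows. This is an added example, not Facebook's code: the function names, the HMAC derivation from a session ID and the `SERVER_KEY` secret are all assumptions. It also goes one step beyond the text by encoding the token differently in every response, a common hardening against attacks such as BREACH that try to recover a secret repeated in page content.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SERVER_KEY = secrets.token_bytes(32)  # assumption: one secret key per deployment
TOKEN_LEN = hashlib.sha256().digest_size  # 32 bytes


def csrf_token(session_id: str) -> bytes:
    """The user's secret token, derived from their session so nothing is stored."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).digest()


def mask(token: bytes) -> str:
    """Encode the token for one response as pad || (pad XOR token).

    A fresh random pad means the bytes written into the page never repeat,
    while the underlying token stays the same for the whole session.
    """
    pad = secrets.token_bytes(len(token))
    return (pad + bytes(p ^ t for p, t in zip(pad, token))).hex()


def unmask(value: str) -> Optional[bytes]:
    """Recover the token from a submitted value, or None if it is malformed."""
    try:
        raw = bytes.fromhex(value)
    except ValueError:
        return None
    if len(raw) != 2 * TOKEN_LEN:
        return None
    pad, body = raw[:TOKEN_LEN], raw[TOKEN_LEN:]
    return bytes(p ^ b for p, b in zip(pad, body))


def request_allowed(session_id: str, submitted: Optional[str]) -> bool:
    """Allow a state-changing request only if it presents this session's token."""
    if not submitted:
        return False  # cross-site forgeries arrive with cookies but no token
    token = unmask(submitted)
    if token is None:
        return False
    return hmac.compare_digest(token, csrf_token(session_id))  # constant-time
```

The server would write `mask(csrf_token(session_id))` into each form it renders and call `request_allowed` before performing any action on the user's behalf.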

Versions of BREACH and CSRF were responsible for successful hacks in Mexico that affected banks. These also hit South Korea, targeting an eBay subsidiary, according to press reports.

 

 

 
