The security expert Laxman Muthiyah from India has discovered a new vulnerability in the popular social network Facebook. This is the third bug the expert has discovered since January. At the beginning of the year he found a serious flaw in Facebook graphs that allowed him to delete users’ Facebook photo albums without being authenticated.

A few weeks later he announced the discovery of a new critical flaw affecting the Facebook Photo Sync feature, which automatically uploads photos from a user’s mobile device to a private Facebook album that is visible neither to Facebook friends nor to other Facebook users. The flaw discovered by Laxman could have allowed any third-party app to access a user’s personal photographs from the hidden Facebook Photo Sync album.

This time the expert discovered a way to hack any Facebook Page. The vulnerability affects the “Facebook business pages”, which are related to businesses and organizations. These pages are usually managed by a number of users. The flaw found by Laxman could allow third-party apps with limited permissions to take complete control of a Facebook business page, possibly making the victim permanently lose administrator access to the page.

Laxman Muthiyah explained that third-party Facebook applications can perform a number of actions, including posting photos and status updates on the user’s behalf. However, Facebook doesn’t allow them to add or modify page admin roles. The popular social network allows administrators of business pages to assign different roles to different users through manage_pages, an access permission requested by third-party apps.
The expert discovered that an attacker can use a simple string of requests to impersonate the admin of a Facebook page. Below is an example of the string:

    POST /PGID/userpermissions HTTP/1.1
    Host: graph.facebook.com
    Content-Length: 245

    role=MANAGER&user=X&business=B&access_token=AAAA…

The page PGID is used to identify the business associated with the page; the manage_pages request allows the role of MANAGER to be assigned to the user ‘X’, which allows the attacker to take over the Facebook business page.

The expert also provided a video PoC for the exploitation of the flaw: https://www.facebook.com/7xter/videos/707721066037025/

Laxman ethically reported the flaw to the Facebook security team and was rewarded with 2500 USD as a part of Facebook’s bug bounty program.
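
The access-control gap described above can be modelled as a server-side check. This is an added example, not Facebook's code: the Token class, the token placeholders, the page state and the "feed" request are constructed for illustration, and only the userpermissions request shape comes from the article. It sets the flawed decision (manage_pages alone is enough) beside a check that enforces the stated policy that apps may not add or modify page roles.

```python
# Added illustration, not Facebook's code: every name below is hypothetical.
from dataclasses import dataclass
from urllib.parse import parse_qs

@dataclass(frozen=True)
class Token:
    user_id: str
    scopes: frozenset
    third_party_app: bool  # True when the token was issued to an external app

# Constructed state: page "PGID" has one admin, who also authorised an external app.
PAGE_ADMINS = {"PGID": {"admin1"}}
TOKENS = {"APP_TOKEN_PLACEHOLDER": Token("admin1", frozenset({"manage_pages"}), True),
          "SESSION_TOKEN_PLACEHOLDER": Token("admin1", frozenset({"manage_pages"}), False)}

def parse_request(raw):
    """Return (page_id, edge, form fields) from a raw HTTP POST like the one above."""
    head, _, body = raw.partition("\r\n\r\n")
    _method, path, _version = head.split("\r\n")[0].split(" ")
    _, page_id, edge = path.split("/")
    return page_id, edge, {k: v[0] for k, v in parse_qs(body).items()}

def authorize_flawed(raw):
    """Behaviour the article describes: manage_pages alone is enough, on any edge."""
    page_id, _edge, form = parse_request(raw)
    token = TOKENS.get(form.get("access_token", ""))
    return (token is not None and "manage_pages" in token.scopes
            and token.user_id in PAGE_ADMINS.get(page_id, set()))

def authorize_hardened(raw):
    """Same check, plus the stated policy: apps may not add or modify page roles."""
    if not authorize_flawed(raw):
        return False
    _page_id, edge, form = parse_request(raw)
    if edge == "userpermissions" and TOKENS[form["access_token"]].third_party_app:
        return False
    return True

def build(edge, body):
    """Assemble a constructed sample request for the checks above."""
    return f"POST /PGID/{edge} HTTP/1.1\r\nHost: graph.facebook.com\r\n\r\n{body}"

ROLE_FORM = "role=MANAGER&user=X&business=B&access_token="
ROLE_CHANGE = build("userpermissions", ROLE_FORM + "APP_TOKEN_PLACEHOLDER")
STATUS_POST = build("feed", "message=hello&access_token=APP_TOKEN_PLACEHOLDER")
ADMIN_CHANGE = build("userpermissions", ROLE_FORM + "SESSION_TOKEN_PLACEHOLDER")

if __name__ == "__main__":
    for name, req in [("app role change", ROLE_CHANGE), ("app status post", STATUS_POST),
                      ("admin role change", ADMIN_CHANGE)]:
        print(name, "flawed:", authorize_flawed(req), "hardened:", authorize_hardened(req))
```

The hardened check keys the decision on the action being requested as well as the scope held, so an app token can still post on the page's behalf while role changes stay with the administrator's own session.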

Here is a list of the most popular real time cyber attack maps for your convenience. If you’re aware of another map, please tell us about it so we can add it.

Real time Cyber Attack Maps:
Deutsche Telekom  Sicherheitstacho.eu
Google Ideas + Arbor Networks  Digital Attack Map
Honey Project  HoneyMap
Norse Corporation  Norse – IPViking Live
Kaspersky  Find out where you are on the Cyberthreat map
FireEye  Cyber Threat Map

Some of these maps are so intricate that they appear to be organic, whereas the other maps are relatively simplistic. All of these maps, however, state that they allow you to monitor cyber attacks in real time.

Remember back in 2011, when Mark Zuckerberg dissed Google, Yahoo and Microsoft for following you around on the web, using browser cookies to collect a huge amount of information about who you are "behind your back"?

Yes. Right. Well. Ahem.

Facebook's going to do that. Except it won't be behind our backs.

Facebook announced on Thursday that it's giving advertisers more ammunition to target users, by mixing data about what we do on its site with data about what we do on other sites.

In other words, like many other services, it's going to follow its users around, and its advertising will reflect that.

Did you visit Cars.com, looking for a new set of wheels? Don't be surprised if Facebook splashes car ads at you.

Up until now, Facebook ads have mostly been generated from what we do on the site, whether we've liked a brand's page or shared a funny ad.

But while advertisers will also now be able to mix in data about what we do off of Facebook, the social network also announced that its users will get a way to turn off whatever completely irrelevant ads for iPhone apps, tropical vacations, tanning salons or whatever they're seeing now or in the new, tweaked future.

Users will also be able to change, add or delete information in Facebook's dossiers of the likes and interests it keeps on users.

We'll be able to do that with a new tool to indicate ad preferences.

To tell Facebook what you think of a particular ad, you'll be able to click on the top right-hand corner of the ad, and click or tap on "Why am I seeing this ad?"

From there, Facebook will show you a list of what it thinks your interests are.

If you've been shopping for TVs, for example, Facebook might have listed "electronics" as an interest in your dossier.

If you're not all that into electronics, you'll be able to delete it from your list of interests.

Facebook also targets us with ads that have nothing to do with our interests. That's because, it says, advertisers sometimes want to reach broad categories of people - say, people living in your city who are between the ages of 18 and 29.

If you don't want to see a particular ad, you can tell Facebook that, or you can choose the option of hiding all ads from a given advertiser.

You can also visit the Digital Advertising Alliance website and opt out, which should stop the websites you visit from being added to the mix when Facebook determines what ads to show you.

Alas, it has no option on Facebook for "Don't show me any ads at all", but that's no surprise, given that the social network is an advertising-fueled service.

The Facebook ad preferences tool will be available on every Facebook ad, eventually. Facebook's rolling it out in the US in the next few weeks, and it says it's "working hard to expand globally" in the coming months.

None of this will matter much, I'm sure, to our readers who won't touch Facebook (there are quite a few!) because of privacy implications.

To those of you who do still dabble in the Book of Face, what do you think of the new advertising model? Is the thought of Facebook reading over your shoulder when you're surfing the internet intrusive?

Or do you welcome the new transparency into your advertising dossier and the new ability to edit it?

Original article by: Lisa Vaas at:  http://nakedsecurity.sophos.com/2014/06/13/facebook-to-let-advertisers-see-where-youre-surfing/