BankThink

Facebook Flaw May Let in Malware

By Daniel Wolfe October 27, 2011, 4:44 p.m. EDT 1 Min Read

Facebook Inc. typically protects its users from malware by blocking executable files from being sent through its messaging feature. But its filter can be tricked with a tap of the spacebar, one security expert disclosed.

The information Facebook uses to detect executable files looks at the "filename" variable in the information being sent through its website, according to an article Computerworld published Thursday. Putting a space after the filename in that variable's description "was enough to trick the parser and allow our executable file to be attached and sent in a message," Nathan Power, the senior security penetration tester for the tech consultancy CDW, said in the blog post where he revealed the security flaw.

By exploiting this flaw, a user could send malicious software via Facebook to steal other users' banking passwords or other sensitive information. The recipient does not have to be on the sender's friends list.

Facebook representatives did not have an immediate comment, the article said.

Content Director, Payments and Credit Unions, American Banker

For reprint and licensing requests for this article, click here.

TRENDING

Earnings

Ohio banks say 'Howdy' to commercial loan opportunities in Texas

At a time of mild or nonexistent loan growth, middle-market borrowers in the Lone Star State are providing a boost to Fifth Third Bancorp and Huntington Bancshares.

By Catherine Leffert

3h ago
Industry News

Capital One and Discover walked away from talks before reaching a deal

New details have emerged about the negotiations that culminated in Capital One's blockbuster $35 billion agreement to acquire Discover. At one point last December, the two parties broke off discussions, according to a securities filing.

By Allissa Kline

3h ago
Politics and policy

Fed: Inflation, policy uncertainty are top financial stability concerns

According to the Federal Reserve Board's latest financial stability report, persistent inflation and policy uncertainty are the primary worries for banks. Survey respondents expressed heightened anxiety over murky policy outlooks due to geopolitical turmoil and rapidly approaching domestic elections.

By Ebrima Santos Sanneh

4h ago

MORE FROM AMERICAN BANKER

Earnings

Ohio banks say 'Howdy' to commercial loan opportunities in Texas

At a time of mild or nonexistent loan growth, middle-market borrowers in the Lone Star State are providing a boost to Fifth Third Bancorp and Huntington Bancshares.

By Catherine Leffert

3h ago
Industry News

Capital One and Discover walked away from talks before reaching a deal

New details have emerged about the negotiations that culminated in Capital One's blockbuster $35 billion agreement to acquire Discover. At one point last December, the two parties broke off discussions, according to a securities filing.

By Allissa Kline

3h ago
Politics and policy

Fed: Inflation, policy uncertainty are top financial stability concerns

According to the Federal Reserve Board's latest financial stability report, persistent inflation and policy uncertainty are the primary worries for banks. Survey respondents expressed heightened anxiety over murky policy outlooks due to geopolitical turmoil and rapidly approaching domestic elections.

By Ebrima Santos Sanneh

4h ago
Earnings

Credit, check fraud costs weigh on Regions' earnings

The Alabama regional lender says it expects expenses to taper off this year and anticipates challenged loans will gradually rise to historically average levels.

By Jim Dobbs

5h ago
Industry News

Truist announces departures, First Horizon reveals succession plans

Truist Financial's top executive leadership team announces departures; First Horizon's chief credit officer is retiring; Ferry teams with Highnote to roll out a new Visa-branded payroll card; and more in the weekly banking news roundup.

By Editorial Staff

5h ago
Artificial intelligence

Comerica says its AI bot performs work of six IT help desk agents

The Dallas-based regional bank tapped a client for its co-pilot capabilities, where employees can message a bot instead of a human to get tech assistance.

By Miriam Cross

6h ago