Huge Vulnerabilities In Facebook Chat and Messenger Exploitable With Basic HTML

An anonymous reader writes: Check Point's security research team has discovered vulnerabilities in Facebook's standard online Chat function, as well as Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences. To exploit the vulnerability, an attacker simply needed to identify the unique ID for the sent message he or she is targeting.According to the report, Facebook, in conjunction with Check Point's researchers, patched the vulnerability earlier this month.

Messenger and Payments?

[JimMcc]

And Facebook wants to use the messenger app to send payments? If they have this much trouble with basic security over social chatting, why should we trust them to handle payment processing? If you can't do the simple things right, you certainly can't be expected to successfully accomplish the difficult things.

Node and REST?

[clifwlkr]

This is what you get when you hire a bunch of developers doing straight RESTful interfaces on top of MongoDB having no idea what they are actually doing. I am amazed at the lack of security I see in most of the software developed these days, and while RESTful can be a great approach, people also need to realize how open and easy to abuse it really is.

It really is funny how all of these things we solved ages ago are having to be redone because now we have a new platform that doesn't just give you all of this built in. Hopefully the node level javascript developers can be taught the importance of actual security and designing an enterprise/internet level system and what that means, but with trends like 'microservices' being the rage, I somehow doubt that.

This is the difference between being a programmer, and being an engineer.

Rant off....