A security researcher has found a vulnerability in Instagram involving how it handles cookies
A security researcher published on Friday another attack on Facebook’s Instagram photo-sharing service that could allow a hacker to seize control of a victim’s account.
The attack was developed by Carlos Reventlov around a vulnerability he found within Instagram in mid-November. He notified Instagram of the problem on Nov. 11, but as of last Tuesday, it had not been fixed.
The vulnerability is in the 3.1.2 version of Instagram’s application, released on Oct. 23, for the iPhone. Reventlov found that while some sensitive activities, such as logging in and editing profile data, are encrypted when sent to Instagram, other data was sent in plain-text. He tested the two attacks on an iPhone 4 running iOS 6, where he first found the problem.
“When the victim starts the Instagram app, a plain-text cookie is sent to the Instagram server,” Reventlov wrote. “Once the attacker gets the cookie he is able to craft special HTTP requests for getting data and deleting photos.”
FishyPic LLC, http://www.FishyPic.com, has released a new application for the iPhone that is available for instant download through the iTunes store. The app has been created in response to overwhelming demand from the members of FishyPic, an online social network created for fishermen.
The new app allows its members to take pictures and instantly uploading them to share with friends, family and other members of FishyPic.com. Users can be notified within seconds when their fishing buddies have landed a fish. The FishyPic iPhone app can also integrate GPS coordinates onto a private map for each user and can also provide up to date weather forecasting capabilities.
FishyPic.com allows for sharing fishing pictures, stories and experiences through an integrated online platform. With features like ‘Tackle Boxes’ for collecting your favorite fishing images and the “Hook It” button that allows you to link externally to interesting fish related content. The website is both interactive and fun for fishing men and women of all ages. Each individual profile within the FishyPic website can be linked to Facebook and Twitter and now with the advent of the new iPhone app, the company is truly “Taking Fishing Social.”