Beware Facebook-Login sites!!

A tool unleashed by Egor Homakov, a researcher with security firm Sakurity, allows intruders to hijack Facebook Login accounts used by websites to log-in on third-party sites using their Facebook accounts, by generating URLs or you can say through phishing attacks. The tool named 'Reconnect', exploits cross-site request forgery (CSRF) vulnerability found in Facebook Login. After Facebook denial to fix this issue, as there are some compatibility issues that could hamper other website services, Homakov disclosed it publicly on his blog. <more>