investigation: Facebook ID login on livingsocial.com

  • benign trace

    Understanding of the trace

    1. BRM1 has a hidden operation, which is to send a cross-domain message from the Facebook domain to the livingsocial.com/login page. The message contains access_token and the secret token signed_request. Upon receiving the message, livingsocial.com/login writes access_token and signed_request, along with other data, into a cookie field fbls_48187595837, in which the number part is the relying party website's ID. In addition, it also creates another cookie field, fbsr_48187595837, which stores another secret.

    • Edited by Rui Wang ISRC Wednesday, February 8, 2012 11:19 PM
    • Edited by cs0317 Friday, March 30, 2012 5:54 PM
    Wednesday, February 8, 2012 1:43 AM

All replies

  • access_token is a very sensitive piece of data. If this data can be stolen, then it's already a very critical attack.

    Wednesday, February 8, 2012 11:25 PM