Facebook scrambles to close hole exposing private data
Facebook engineers are finishing a patch for a critical vulnerability that exposed user birthdays and other sensitive data even when they were designated as private, a security researcher said Wednesday. The bug could be exploited by prompting a user to click on a link while logged into the social networking site, said M.J. …
"...Keith discovered a simple way to bypass the security token: by omitting it altogether, Facebook servers no longer attempted to validate browsers."
Don't they have any kind of internal teams who think up ways of defeating security? They ought to.
This describes how to use Firefox's "Adblock Plus" add-on to prevent other Web sites from accessing Facebook:
http://technotes-fran.blogspot.com/2010/05/prevent-web-sites-from-accessing-your.html
Could you tell me why an attacker would want to do that ?
I did not know that was possible. If so, then whoever breaks into a person's profile could be doing that person a favour.
there is actually a link to delete (not just disable) a facebook account.
The account is deactivated, and you have 14 days to re-activate it, otherwise it's permanently deleted (so they say)
https://ssl.facebook.com/help/contact.php?show_form=delete_account
More info here: http://www.facebook.com/group.php?gid=16929680703
Is it just me or is Facebook 'scrambling to protect private data' somewhat like an abattoir donating £10 to the RSPCA?
What would their 'trusted partners' think?
Facebook received a large almost-anonymous donation from Sneaky Data Harvesters inc. In a response to Sneaky, Mark Zuckerberg thanked them for their donation and said that although the hole won't be fixed until 90 seconds after all the data could be harvested by a third party interested in laying their hands on it he didn't think Sneaky was 'that kind of operation'.
Mr. Zuckerberg owns 49% shares in Sneaky.
Sign up, sign up for The Register's weekly IT security newsletter - click here
