Facebook engineers are finishing a patch for a critical vulnerability that exposed user birthdays and other sensitive data even when they were designated as private, a security researcher said Wednesday. The bug could be exploited by prompting a user to click on a link while logged into the social networking site, said M.J. …
Awwwww, come on!
"...Keith discovered a simple way to bypass the security token: by omitting it altogether, Facebook servers no longer attempted to validate browsers."
Don't they have any kind of internal teams who think up ways of defeating security? They ought to.
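The bypass quoted above, written out as an added example (not the article's or Facebook's code): a token check that only validates when a token is present, beside one that fails closed. The form field name `csrf_token` and the dict-shaped request are assumptions.

```python
import hmac

# Constructed sample requests: the session's real token is "t0k" (assumed value).
SESSION_TOKEN = "t0k"
REQUESTS = {
    "genuine": {"action": "update_profile", "csrf_token": "t0k"},
    "forged_wrong_token": {"action": "update_profile", "csrf_token": "guess"},
    "forged_no_token": {"action": "update_profile"},  # token field omitted entirely
}

def vulnerable_check(form, session_token):
    """Mirrors the bug described in the quote: the comparison only runs when a
    token field is present, so a request that omits it is never rejected."""
    token = form.get("csrf_token")
    if token is not None and token != session_token:
        return False  # wrong token: rejected
    return True       # missing token falls through to "accepted" (the bug)

def hardened_check(form, session_token):
    """Fail closed: absent or empty tokens are treated exactly like wrong ones,
    and the comparison is constant-time to avoid leaking the token by timing."""
    token = form.get("csrf_token")
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token.encode(), session_token.encode())

def evaluate(check, requests=REQUESTS, session_token=SESSION_TOKEN):
    """Run a check over the sample requests; returns {name: accepted?}."""
    return {name: check(form, session_token) for name, form in requests.items()}

if __name__ == "__main__":
    print("vulnerable:", evaluate(vulnerable_check))
    print("hardened:  ", evaluate(hardened_check))
```

The vulnerable version accepts `forged_no_token`; the hardened version accepts only `genuine`.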
This can be prevented using Firefox's Adblock Plus add-on
This describes how to use Firefox's "Adblock Plus" add-on to prevent other Web sites from accessing Facebook:
Could you tell me why an attacker would want to do that?
Delete a profile?
I did not know that was possible. If so, then whoever breaks into a person's profile could be doing that person a favour.
There is actually a link to delete (not just disable) a Facebook account.
The account is deactivated, and you have 14 days to re-activate it, otherwise it's permanently deleted (so they say)
More info here: http://www.facebook.com/group.php?gid=16929680703
'Facebook scrambles to close hole exposing private data'
Is it just me or is Facebook 'scrambling to protect private data' somewhat like an abattoir donating £10 to the RSPCA?
They can't just give this data out to anyone.
What would their 'trusted partners' think?
In separate news...
Facebook received a large almost-anonymous donation from Sneaky Data Harvesters inc. In a response to Sneaky, Mark Zuckerberg thanked them for their donation and said that although the hole won't be fixed until 90 seconds after all the data could be harvested by a third party interested in laying their hands on it he didn't think Sneaky was 'that kind of operation'.
Mr. Zuckerberg owns 49% shares in Sneaky.