back to article Facebook scrambles to close hole exposing private data

Facebook engineers are finishing a patch for a critical vulnerability that exposed user birthdays and other sensitive data even when they were designated as private, a security researcher said Wednesday. The bug could be exploited by prompting a user to click on a link while logged into the social networking site, said M.J. …

COMMENTS

This topic is closed for new posts.
Silver badge
WTF?

Awwwww, come on!

"...Keith discovered a simple way to bypass the security token: by omitting it altogether, Facebook servers no longer attempted to validate browsers."

Don't they have any kind of internal teams who think up ways of defeating security? They ought to.

0
0

This can be prevented using Firefox's Adblock Plus add-on

This describes how to use Firefox's "Adblock Plus" add-on to prevent other Web sites from accessing Facebook:

http://technotes-fran.blogspot.com/2010/05/prevent-web-sites-from-accessing-your.html

1
0
Anonymous Coward

Sure

Could you tell me why an attacker would want to do that ?

0
0
Pirate

Delete a profile?

I did not know that was possible. If so, then whoever breaks into a person's profile could be doing that person a favour.

2
1
Silver badge

yes

there is actually a link to delete (not just disable) a facebook account.

The account is deactivated, and you have 14 days to re-activate it, otherwise it's permanently deleted (so they say)

https://ssl.facebook.com/help/contact.php?show_form=delete_account

More info here: http://www.facebook.com/group.php?gid=16929680703

0
0

'Facebook scrambles to close hole exposing private data'

Is it just me or is Facebook 'scrambling to protect private data' somewhat like an abattoir donating £10 to the RSPCA?

4
0

They can't just give this data out to anyone.

What would their 'trusted partners' think?

0
0
g e
Silver badge
FAIL

In separate news...

Facebook received a large almost-anonymous donation from Sneaky Data Harvesters inc. In a response to Sneaky, Mark Zuckerberg thanked them for their donation and said that although the hole won't be fixed until 90 seconds after all the data could be harvested by a third party interested in laying their hands on it he didn't think Sneaky was 'that kind of operation'.

Mr. Zuckerberg owns 49% shares in Sneaky.

0
1
This topic is closed for new posts.

Forums