Facebook scrambles to close hole exposing private data

Facebook engineers are finishing a patch for a critical vulnerability that exposed user birthdays and other sensitive data even when they were designated as private, a security researcher said Wednesday. The bug could be exploited by prompting a user to click on a link while logged into the social networking site, said M.J. …

COMMENTS

This topic is closed for new posts.
  1. frank ly
    WTF?

    Awwwww, come on!

    "...Keith discovered a simple way to bypass the security token: by omitting it altogether, Facebook servers no longer attempted to validate browsers."

    Don't they have any kind of internal teams who think up ways of defeating security? They ought to.

  2. Francis Litterio

    This can be prevented using Firefox's Adblock Plus add-on

    This describes how to use Firefox's "Adblock Plus" add-on to prevent other Web sites from accessing Facebook:

    http://technotes-fran.blogspot.com/2010/05/prevent-web-sites-from-accessing-your.html

    1. Anonymous Coward

      Sure

      Could you tell me why an attacker would want to do that?

  3. Anonymous Coward
    Pirate

    Delete a profile?

    I did not know that was possible. If so, then whoever breaks into a person's profile could be doing that person a favour.

    1. Jamie Jones Silver badge

      yes

      There is actually a link to delete (not just disable) a Facebook account.

      The account is deactivated, and you have 14 days to re-activate it, otherwise it's permanently deleted (so they say)

      https://ssl.facebook.com/help/contact.php?show_form=delete_account

      More info here: http://www.facebook.com/group.php?gid=16929680703

  4. Alpha Tony

    'Facebook scrambles to close hole exposing private data'

    Is it just me or is Facebook 'scrambling to protect private data' somewhat like an abattoir donating £10 to the RSPCA?

    1. Anonymous Coward

      They can't just give this data out to anyone.

      What would their 'trusted partners' think?

  5. g e
    FAIL

    In separate news...

    Facebook received a large almost-anonymous donation from Sneaky Data Harvesters Inc. In a response to Sneaky, Mark Zuckerberg thanked them for their donation and said that, although the hole won't be fixed until 90 seconds after all the data could be harvested by a third party interested in laying their hands on it, he didn't think Sneaky was 'that kind of operation'.

    Mr. Zuckerberg owns 49% shares in Sneaky.
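
An added illustration (not part of the original article or comments, and not Facebook's code): the flaw quoted in comment 1, where omitting the security token meant the server no longer validated the request, modelled as a fail-open check beside a fail-closed one. The function names, key, field name `csrf_token` and session ids are hypothetical and constructed for this example.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value, not a real secret


def issue_token(session_id: str) -> str:
    """Derive an anti-CSRF token bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def validate_fail_open(session_id: str, form: dict) -> bool:
    """Flawed pattern: the comparison only runs when a token was sent."""
    token = form.get("csrf_token")
    if token is None:
        return True  # an omitted token skips validation entirely
    return hmac.compare_digest(token.encode(), issue_token(session_id).encode())


def validate_fail_closed(session_id: str, form: dict) -> bool:
    """Hardened pattern: absent, empty or non-string tokens are rejected."""
    token = form.get("csrf_token")
    if not isinstance(token, str) or not token:
        return False
    return hmac.compare_digest(token.encode(), issue_token(session_id).encode())


def audit(validator) -> dict:
    """Run the negative cases a regression suite should always include."""
    sid = "session-abc"  # constructed session id
    cases = {
        "valid": {"csrf_token": issue_token(sid)},
        "wrong": {"csrf_token": "0" * 64},
        "empty": {"csrf_token": ""},
        "omitted": {},  # the case described in the quoted sentence
        "other_session": {"csrf_token": issue_token("session-xyz")},
    }
    return {name: validator(sid, form) for name, form in cases.items()}


if __name__ == "__main__":
    for validator in (validate_fail_open, validate_fail_closed):
        print(validator.__name__, audit(validator))
```

Only the "omitted" case separates the two validators, which is why a test suite that checks wrong tokens but never a missing one would not catch this class of bug.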

