[Infowarrior] - For anyone speculating on why Facebook Chat has been unavailable all morning.

Richard Forno rforno at infowarrior.org
Wed May 5 15:29:21 UTC 2010


(c/o Anonymous)

....speculate no more:

http://eu.techcrunch.com/2010/05/05/video-major-facebook-security-hole-lets-you-view-your-friends-live-chats/

You’ve got to hand it to Facebook. They certainly know how to do security — not.

Today I was tipped off that there is a major security flaw in the
social networking site that, with just a few mouse clicks, enables any
user to view the live chats of their ‘friends’. Using what sounds like
a simple trick, a user can also access their friends’ latest pending
friend-requests and which friends they share in common. That’s a lot
of potentially sensitive information.

Unbelievable I thought, until I just tested the exploit for myself.

And guess what? It works.

The irony is that the exploit is enabled by the way that Facebook
lets you preview your own privacy settings. In other words, a privacy
feature contains a flaw that lets others view private information if
they are aware of the exploit.

I know Facebook wants us to share more information and open up, but
I’m not sure that this is quite what they had in mind.

Because this has major implications for user privacy we’ve informed
Facebook about this exploit.

Here is the video of the exploit in action.

