Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook App Exposes Abject Insecurity

Posted by CmdrTaco on from the pay-no-attention-to-the-hole-in-my-pants dept.

ewhac writes "Back in June, the American Civil Liberties Union published an article describing Facebook's complete lack of meaningful security on your and your friends' information. The article went virtually unnoticed. Now, a developer has written a Facebook 'Quiz' based on the original article that graphically illustrates all the information a Facebook app can get its grubby little hands on by recursively sweeping through your friends list, pulling all their info and posts, and showing it to you. What's more, apps can get at your information even if you never run the app yourself. Facebook apps run with the access privileges of the user running it, so anything your friend can see, the app they're running can see, too. It is unclear whether the developer of the Facebook app did so 'officially' for the ACLU."

3 of 205 comments (clear)

  1. Re:Really? by automag · · Score: 5, Informative

    The problem isn't so much that public information is public, it's that Facebook represents itself as secure and private to its users and then leaves the barn door open for developers, betraying that trust. Should Facebook users be more cautious? Absolutely. But most Facebook users are sheep-le who won't give a second thought to this kind of thing. If someone wants to leave their own information open and public that's one thing, but when they leave their entire network of 'Facebook friends' information public by proxy (even if their friend has done everything 'right' in terms of securing their information) that's where the real problem lies.

    --
    ---As my daddy used to tell me: "You gotta be smart before you can be a smartass."
  2. Re:Really? by betterunixthanunix · · Score: 4, Informative

    "But, every time you install an FB app, it DOES ask you if you wish to allow the app to have full access to your information. So, if you don't feel comfortable, don't click that button!"

    As the app in question demonstrates, you do not personally have to install an app in order for the app to see your Facebook information; a friend who installed could give it the same level of access.

    --
    Palm trees and 8
  3. Re:Tracy sure didn't get it... by Anonymous Coward · · Score: 4, Informative

    Tracy's account was hacked by 4chan.

    4chan hacked a christian dating site, and got a list of details and passwords contained on it's servers in plaintext. Not sure of the details (whether the users of the site just had the same passwords for that and facebook or if some other step was involved), but they used this to gain access to hundreds of facebook accounts.

    They then proceeded to do their typical 4chan thing and post fake messages, porn, goatse, "coming out" messages etc. on all the compromised accounts. This was one of them.

    Don't blame Tracy. She didn't post that.

    Blame the Christian dating site for insecurity.

    Blame 4chan for being 4chan.