Slashdot Mirror


Facebook Caught Exposing Millions of Credentials

fysdt writes "Facebook has leaked photographs, profiles and other personal information for millions of its users because of a years-old bug that overrides individual privacy settings, researchers from Symantec said. The flaw, which the researchers estimate has affected hundreds of thousands of applications, exposed user access tokens to advertisers and others. The tokens serve as a spare set of keys that Facebook apps use to perform certain actions on behalf of the user, such as posting messages to a Facebook wall or sending RSVP replies to invitations. For years, many apps that rely on an older form of user authentication turned over these keys to third parties, giving them the ability to access information users specifically designated as off limits."

7 of 159 comments

  1. Facebook should be fined. by grahamsaa · · Score: 5, Interesting

    There should be a law requiring a fine for each user whose personal information is compromised as a result of bugs like this. My bet is that if there were, this type of thing would happen far less often. Of course, Facebook isn't the only company guilty of this type of thing -- and I suspect that until there is some serious consequence associated with this type of security hole, most companies won't take it seriously enough.

    --
    Facts have a liberal bias.
  2. This study was delayed by drsmack1 · · Score: 5, Funny

    Researchers note that they would have released this study much sooner, but their PCs were hamstrung by Norton Internet Security.

  3. Dog Bites Man, News at Eleven. by spun · · Score: 5, Insightful

    Somebody needs to take a refresher course in "What is this 'news' thing, anyway?" Something that happens with utter predictability and regularity, like a dog biting a man, is never really news. But if a man were to bite a dog, or Facebook was caught protecting user information, then that would be news.

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  4. Re:Meh.. by rmstar · · Score: 5, Funny

    Not that I disagree, but tell me what is the "proper" way to use FaceBook?

    The Zen way. You stand by instead of using it, and watch with compassion how the rest of humanity does something really stupid.

  5. Re:Join the crowd by TemperedAlchemist · · Score: 5, Funny

    I thought we wanted to fix the problem.

  6. Re:Meh.. by Anonymous Coward · · Score: 5, Funny

    I use Facebook to keep in touch with patients and other health care professionals (chiropractors, homeopaths, acupuncturists, etc.)

    Let me fix that for you ....

    I use Facebook to keep in touch with patients and other quacks and dispensers of expensive placebos that have absolutely no scientific evidence to back their efficacy (chiropractors, homeopaths, acupuncturists, etc.)

    There you go ....

  7. Facebook shocked, *shocked* at privacy breaches by David Gerard · · Score: 5, Funny

    Facebook staff have been amazed to discover that when Facebook passes users' complete details to application developers and advertisers like candy, some of the partner companies might accidentally let slip the information in some manner.

    "We are appalled at this information leak," said Facebook founder Mark Zuckerberg as he took a break from his personal RSS feed of drunk women's tits posted to his service. "But I can assure you that we have sternly suggested to everyone involved that they take somewhat greater care not to get caught, and maintain a serious demeanor when rolling around in the great big pit filled with money in their basement."

    "I'm horrified and outraged," said office worker Brenda Busybody, 43 (IQ), "that stuff I put on the Internet is on the Internet. It violates everything I expect. I want privacy when I'm calling my boss a useless fuckstick to the entire world, all my coworkers and my boss himself. And when I'm playing a bit of FarmVille before we nick off down the pub."

    Privacy advocates are working on Diaspora, a security-enhanced social network so far populated by Linux users who cryptographically sign every update about which episode of Babylon 5 they just finished watching alone in their parents' basement. "START PGP KEY BLOCK!" said open source software advocate Hiram Nerdboy, 17. "WE WILL PROTECT YOUR FREEDOMS!" The next version of Diaspora will allow users to list more than three friends, should there be any demand whatsoever for such a feature.

    Facebook works on the now-standard "Web 2.0" business model: 1. Brutally sodomise the personal privacy of anyone who comes within a mile of your service and say "hey baby, I'm sorry" every time you're busted. 2. Sell ads.

    --
    http://rocknerd.co.uk