Slashdot Mirror


Facebook Flaw Exposed Private Photos

Velcroman1 writes "A security hole in Facebook allowed almost anyone to see pictures marked as private, an online forum revealed late Monday. Even pictures supposedly kept hidden from uninvited eyes by Facebook's privacy controls aren't safe, reported one user of a popular bodybuilding forum in a post entitled 'I teach you how to view private Facebook photos.' Facebook appears to have acted quickly to eliminate the end-run around privacy controls, after word of the exploit spread across the Internet. It wasn't long before one online miscreant uploaded private pictures of Facebook founder Mark Zuckerberg himself — evidence that the hack worked, he said."

15 of 201 comments

  1. Again? by masternerdguy · · Score: 5, Insightful

    Facebook privacy violation? *shockface* I'm sure glad I don't use Facebook.

    --
    To offset political mods, replace Flamebait with Insightful.
    1. Re:Again? by fuzzyfuzzyfungus · · Score: 3, Insightful

      Cloud computing is all the rage these days. All proactive managers are moving their egregious vulnerabilities into the cloud, so it is only fair that tech journalism follow suit...

    2. Re:Again? by Anonymous Coward · · Score: 5, Insightful

      And no friend of yours uses Facebook?
      And no one you were ever at a party with?
      And no one who has your address in their Gmail contact list?

      Facebook is a threat not limited to its users.

    3. Re:Again? by Anonymous Coward · · Score: 3, Insightful

      To you. It's a troll to anybody who's tired of seeing this trotted out every time there's a story that can be even vaguely linked.

    4. Re:Again? by fafaforza · · Score: 3, Insightful

      If you don't want private stuff to be exposed then don't post it. It's that simple. When you upload/post stuff, you have no control over it. But you can still use Facebook to stay in touch.

    5. Re:Again? by bronney · · Score: 4, Insightful

      Oh you missed the fun part brother. It's not whether you post it, it's I post you on it. You can't stop it, you can't delete it.

  2. Of course by Sarten-X · · Score: 5, Insightful

    If you upload something to Facebook, assume anyone can see it. Whether it's a genuine hack, somebody figuring out your password, or leaving a computer logged in while you go grab coffee, somebody will at some point have access to everything, so don't upload it in the first place. It's that simple.

    That means don't complain profusely about your boss every day, don't send explicit messages to your lover, and certainly don't use Facebook to archive those pictures of that wild bachelor party.

    --
    You do not have a moral or legal right to do absolutely anything you want.
    1. Re:Of course by peragrin · · Score: 4, Insightful

      Always assume anything on Facebook is visible to everyone always. You no longer have any control, it is never deleted, never removed.

      It is why I have never used Facebook ever. It isn't worth it. While I do know some have posted pictures of me, those pictures can't truly be linked to me.

      --
      i thought once I was found, but it was only a dream.
    2. Re:Of course by Anonymous Coward · · Score: 4, Insightful

      (hey, Brian, I'm not wearing panties today. Surprise for when you get home after work! ;) )

      This is the classic problem of how to properly close a parenthetical statement that ends with an emoticon.

    3. Re:Of course by qubezz · · Score: 4, Insightful

      ... While I do know some have posted pictures of me, those pictures can't truly be linked to me.

      That is, until the other user imports their contact lists with your email addresses and phone numbers into Facebook, and starts tagging pictures of you, and they correlate others' address books with you in them. Then Facebook has a good idea who you are and who your "friends" are without you ever logging in.

  3. Omg! by Anonymous Coward · · Score: 1, Insightful

    A "bodybuilding" forum is reporting one of the biggest Facebook flaws I ever heard of? Or in other words, the biggest anti-geek place is reporting a really geek thing??

    What's the world coming to??

  4. A bug? In software? OH MY! by bennomatic · · Score: 5, Insightful

    Mistakes happen. Things get through QA. When a bug occurs, if it's in a flight control system, you might crash. If it's in a backup system, you might lose data. If it's in a social network, you might block users you didn't mean to, or you might open your data to unwanted eyes.

    Unless we're going to start regulating social networks like we do products for some other industries, then, well, there's a reasonable likelihood of this sort of thing happening on a regular basis. If you don't like it, don't share stuff on Facebook.

    --
    The CB App. What's your 20?
  5. Re:you can't trust 3rd parties with private info by fuzzyfuzzyfungus · · Score: 4, Insightful

    Inconveniently, tiny networks are dubiously useful for most of the purposes to which people put facebook, network effects and all that.

    It's not my cup of tea; but the notion that one could usefully improve one's security by simply replacing facebook with a personally implemented private network is roughly similar to the notion that one can usefully improve one's security by severing one's LAN from the internet.

    Both are true; but not terribly useful for most users.

  6. Surprisingly weak architecture by matthaak · · Score: 5, Insightful

    I think this story is revealing about Facebook's security architecture. One would have hoped that security policies are defined within the application at a very low level and that all requests for information -- be it photos, posts, whatever -- must pass through that low-level security layer. What this story reveals is that the security architecture of Facebook is such that each developer of each separate function (in this case, the report-a-nude-photo function) is responsible for re-implementing security checks.
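
The contrast drawn in the comment above, as an added example that is not part of the original thread and is not Facebook's code: a feature that reads storage directly and must remember its own check, beside one that can only reach photos through a single policy layer. All names (`PhotoStore`, `PolicyLayer`, `report_flow`, the users) and the friends-only rule are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Photo:
    photo_id: int
    owner: str
    private: bool

class AccessDenied(Exception):
    pass

class PhotoStore:
    """Raw storage with constructed sample data. It has no notion of a viewer."""
    def __init__(self):
        self.photos = {1: Photo(1, "alice", False), 2: Photo(2, "alice", True)}
        self.friends = {"alice": {"bob"}}

def allowed(store, viewer, photo):
    """Assumed policy: private photos are visible to the owner and friends only."""
    return (not photo.private or viewer == photo.owner
            or viewer in store.friends.get(photo.owner, set()))

# Pattern the comment criticises: each feature touches storage directly and
# is trusted to re-implement the check.
def album_view_per_feature(store, viewer, photo_id):
    photo = store.photos[photo_id]
    if not allowed(store, viewer, photo):
        raise AccessDenied(photo_id)
    return photo

def report_flow_per_feature(store, viewer, photo_id):
    return store.photos[photo_id]  # check omitted; nothing in the design forces it

# Pattern the comment asks for: features are handed the policy layer, never
# the store, so every read passes through one check.
class PolicyLayer:
    def __init__(self, store):
        self._store = store

    def fetch(self, viewer, photo_id):
        photo = self._store.photos[photo_id]
        if not allowed(self._store, viewer, photo):
            raise AccessDenied(photo_id)
        return photo

def report_flow(policy, viewer, photo_id):
    return policy.fetch(viewer, photo_id)  # the feature has no way to skip the check

def can_read(feature, source, viewer, photo_id):
    """Return True if the feature hands the photo to this viewer."""
    try:
        feature(source, viewer, photo_id)
        return True
    except AccessDenied:
        return False
```

With the per-feature pattern, a review has to audit every function that touches `PhotoStore`; with the policy layer, it only has to confirm that no feature is ever given the store itself.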

  7. Re:Private pictures? by Sir_Eptishous · · Score: 4, Insightful

    The Canadian privacy expert David Flaherty expresses a similar idea when he argues: "There is no sentient human being in the Western world who has little or no regard for his or her personal privacy; those who would attempt such claims cannot withstand even a few minutes' questioning about intimate aspects of their lives without capitulating to the intrusiveness of certain subject matters."

    --
    We play the game with the bravery of being out of range