Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Breaks Major Websites With Redirection Bug

Posted by Soulskill on from the now-we're-tripping-on-virtual-power-cords dept.

johnsnails writes "Some of the biggest news sites in the world disappeared yesterday when Facebook took over the internet with a redirection bug. Visitors to sites such as The Washington Post, BuzzFeed, the Gawker network, NBC News and News.com.au were immediately transferred to a Facebook error page upon loading their intended site. It was fixed quickly, and Facebook provided this statement: 'For a short period of time, there was a bug that redirected people logging in with Facebook from third party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.'"

21 of 179 comments (clear)

  1. so... by liamevo · · Score: 5, Insightful

    can we please stop relying on third parties for things *you* should be providing to your users.

    1. Re:so... by Seumas · · Score: 5, Funny

      Hey, just because all of my forum stuff comes from Disqus, my word of mouth spreading comes from twitter, facebook, and google plus integrations, and my content comes from automatic AP feeds doesn't mean I don't provide anything myself! I . . . . uh . . . .

    2. Re:so... by orthancstone · · Score: 5, Insightful

      On one hand, I'd prefer to see authentication in the hands of someone I consider more reliable (like Google) than someone programmer of questionable ability at (Insert Random Dying Newspaper here).

      On the other hand, a hearty "HA HA!" does feel appropriate here. They do get what they are asking for by being so deeply tied to a third party.

    3. Re:so... by saveferrousoxide · · Score: 5, Funny

      I deal with the goddamn customers!

    4. Re:so... by CastrTroy · · Score: 4, Interesting

      I know a guy who does this. He pulls in about $50 a month with a site that basically runs itself. The only reason I don't do it is because the "ads" he ends up generating money off of are the kind that pay out when the visitor to his site installs a tool bar or some other nefarious thing. The only reason I wouldn't do that is that I don't think it's ethically correct to lure people into installing stuff they don't want on their computer. But I imagine that someone who's ambitious enough, and who sets up enough sites could generate quite a bit of money like this.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. Congrats by Anonymous Coward · · Score: 5, Insightful

    If you let others insert scripts into your pages they can steal your visitors.

    Maybe it'll make sites think about who they script src from.

    1. Re:Congrats by FireFury03 · · Score: 4, Insightful

      If you let others insert scripts into your pages they can steal your visitors.

      Maybe it'll make sites think about who they script src from.

      One of the bad things I've noticed recently is that HSBC is including objects from third party organisations in their ebanking login pages. I do wonder if any thought has gone into the security of such things, or if HSBC simply don't care (my experience of banks tells me that none of them have a single clue when it comes to internet security).

      --
      http://blog.nexusuk.org
  3. facebook by hackula · · Score: 4, Funny

    The first successful test. Soon every site will redirect to facebook, then... the world!

  4. Re:Um... How? by belthize · · Score: 3, Interesting

    I suspect horrible article is the main culprit. At a guess I suspect this is nothing more that Facebook's authentication service failing.

    Client is directed to Facebook for authentication, mechanism fails, Facebook tosses up error page. The implication that Facebook did anything wrong other than having buggy authentication is likely way of base.

    Full disclosure, don't have a facebook page, never visited a facebook page, have zero interest in facebook.

  5. I keep trying to use Facebook. by hessian · · Score: 5, Insightful

    I've come to the conclusion that social networking is screwed up because the people who use it most are the people who are least invested in reality.

    Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

    It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

    There were other instances of similar behavior too. People hover around Facebook, looking for some reason to cause a scene. Why was this, I wondered.

    It seems to me that if you have found something worth doing in life, you're mostly doing it. That doesn't mean your job. If your job sucks, you've probably got a project on the side. You're not going to devote your time to screwing around, which is what most people on Facebook do.

    This means that social networking including Facebook selects out the people who have any direction in life, and leaves the resentful, bored, unemployed, disabled, upset, insane, teenage, etc. and concentrates them in large numbers. This is why so much of the response is crazy.

    I should amend the post title. I used to keep trying to use Facebook (and MySpace, Digg, Reddit, Friendster, Pinterest, etc.). But now, I don't. These aren't places where healthy people hang out.

    --
    Futurist Traditionalism
  6. Re:Um... How? by Culture20 · · Score: 3, Informative

    These sites are including javascript from facebook. Check your noscript/requestpolicy lists on those pages and you'll be surprised how many external sites those pages include javascript and images from. This was bound to happen (and worse things have probably happened in secret).

  7. Story Subject Fail by OzPeter · · Score: 4, Informative

    Facebook did not "Break major websites". Instead Facebook users who were logged in to Facebook (and hence working under the auspices of Facebook) were screwed over when they went to third party sites. Sheesh .. even TFS explains that.

    Are we now starting to refer to the Internet as teh Facebook???

    --
    I am Slashdot. Are you Slashdot as well?
  8. Re:Um... How? by Anonymous Coward · · Score: 4, Insightful

    In short, "Web bugs", short bits of code that are included inline from another provider. Basically these sites had on their front page a "get shit from facebook" or some such badge displayed, that badge is not created by the site owner but is sourced inline from facebook, now if the thing they pull from facebook is broken and facebook presents a redirect to your browser in place of the web bug (badge, whatever) then your browser dutifully redirects.

    If facebook were malicious they could commandeer half of the web.

  9. It Has Its Ups and Downs by eldavojohn · · Score: 5, Interesting

    can we please stop relying on third parties for things *you* should be providing to your users.

    Clearly it has benefits and disadvantages. One of the disadvantages is displayed in this story. I could name a decent amount of benefits though: 1) you don't have to register again and again every time you want to use some site. 2) you don't suffer from password fatigue. 3) you don't have to worry about no talent ass clowns storing your username and password in plaintext (although you do have to worry about facebook being no talent ass clowns about that). 4) if I just want to stand up a quick little site that is nothing more than CRUD associated to users then all that login stuff can be offloaded to facebook or whomever. 5) from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

    Are you opposed to openID too?

    --
    My work here is dung.
    1. Re:It Has Its Ups and Downs by Rockoon · · Score: 4, Insightful

      Indeed.

      I think many people are in support of third party authentication semantics for non-critical sites..

      Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

      --
      "His name was James Damore."
    2. Re:It Has Its Ups and Downs by whargoul · · Score: 5, Interesting

      ...what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

      I use Twitter when the option is available only because they don't collect data on me like facebook does. If it's facebook only, I usually won't sign up.

    3. Re:It Has Its Ups and Downs by DragonWriter · · Score: 3, Interesting

      Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

      OpenID. Sure, a provider having a similar error could stop users of that provider from logging on to your site, but its not a single point of failure for the entire site, its a single point of failure for the user and all the sites they use it to log into.

  10. Re:Details: Logging in from 3rd party sites? by SJHillman · · Score: 5, Informative

    The third-party sites load a chunk of Facebook onto their site, so if you're logged into Facebook then you're logged into that chunk on the third-party site. The third-party site doesn't have your login or information - it's passed between you and the chunk of Facebook on that site. Or at least, that's how it's supposed to work.

    It's not the 90's anymore... you can load a page that's connected to dozens of different services that are almost completely independent of each other and the page you're on.

  11. Re:Um... How? by Anonymous Coward · · Score: 4, Interesting

    The Steam browser is a nice example of facebook javascript gone wrong. Every page with a "like" script on it redirects to some facebook address as soon as the page finishes loading. The end result is that you see what you wanted to see, but the URL bar is always some sort of lenghty facebook redirect because Steam is trying to load it somehow but fails and leaves you on the page you wanted to visit anyway.

  12. Re:Single point of failure by SJHillman · · Score: 3, Informative

    I use Facebook, I admit it. However, I only use Facebook for Facebook. If I log in to another site, I don't use the "Connect with Facebook" option to log in. If the site only allows you to log in with Facebook, I leave. I've yet to find a mission critical site like banks, etc that use Facebook or another service. Therefore, I'm doing my part to save humanity from the single point of failure.

  13. What's also interesting... by raehl · · Score: 3, Interesting

    ...I got this bug on a website I do *NOT* use Facebook to log into, so the Facebook statement appears incorrect in that regard. (I was logged into Facebook in that browser though.)

    --
    paintball