Slashdot Mirror
Facebook Fixes Bug That Allowed Users To Set Other Users' Passwords
An anonymous reader writes: Facebook has paid $15,000 (€13,600) to an independent security researcher who discovered a simple way of resetting passwords for other people's Facebook accounts, setting a new passphrase and effectively taking over profiles.
The problem was in the fact that Facebook also runs a Beta platform on beta.facebook.com. This platform's "reset password" feature did not include brute-force protection and allowed anyone to guess the six-digit verification code sent to someone's phone when resetting the password. This issue also raises another question: How many unsafe features are on Facebook's beta platform that have not been patched simultaneously with the main platform?
The problem was in the fact that Facebook also runs a Beta platform on beta.facebook.com. This platform's "reset password" feature did not include brute-force protection and allowed anyone to guess the six-digit verification code sent to someone's phone when resetting the password. This issue also raises another question: How many unsafe features are on Facebook's beta platform that have not been patched simultaneously with the main platform?
You'd normally expect more features in beta, even if not stable. Weird to see less protection on the beta platform
You never saw /. beta did you?
I am Slashdot. Are you Slashdot as well?
I could see having a per-account switch to "allow me to use my account in beta" (default = OFF) for developers who want to play with this stuff, but why would you want to expose your production customers to untested software like this?
>> Weird to see less protection on the beta platform
Not if you've ever seen teams refactor code in a large codebase. When that occurs, you often lose a lot of the "history" and "memory" of a branch, which often resurfaces bugs, edge cases take care of years ago and new vulnerabilities.
Facebook is not about customer service. It's not Mickey Ds.
FB is largely a platform for people, namely Americans, to bolster their ego without doing any real work. You just post some tit pictures and let the "likes" roll in, and if puffs your ego up. FB is one of the worst things to ever happen to the American psyche. Everyone thinks they are a bad ass with talent, whereas reality is closer to "whiny bitch that no one cares about"
fucking cheapskates.
___
wtf is with capcha treating me like a nigerian prince trying to send webmail? captcha: zmnjwfm