BBC exposes Facebook flaw

01-05-2008, 09:23

Quote:

The BBC's technology programme Click has exposed a security flaw in the social networking site Facebook which could compromise privacy.

http://news.bbc.co.uk/1/hi/technology/7376738.stm

Raistlin · 01-05-2008, 10:02

IIRC this particular issue was discussed in 2600 in some depth a while back.

As it's had decent exposure for some time now, the techniques for doing it aren't anything difficult/new/special, and facebook is so massive, I find it incredible (and also a little bit infuriating) that they've done nothing to close this particular hole.....

downquark1 · 01-05-2008, 10:57

This is not a flaw with the code, its a feature. There is a warning and everything. You can question the point of the feature.

Secondly, applications have been available on facebook for how long? And the BBC has just twigged? Slow news day or was a scaremongering story pulled from the hat?

Gee, I'm glad I read about the "new" lolcat Phenomenon on the daily mail site last week, I may have missed it for the god knows how many years its been around.

**Paul** · 01-05-2008, 11:02

Quote:

Originally Posted by Raistlin

IIRC this particular issue was discussed in 2600 in some depth a while back.

2600 ?

punky · 01-05-2008, 11:12

They mention it in their terms and conditions and give you an option to opt-out, so its hardly a 0-day vulnerability. And i'm not a Facebook expert but it only seems to collect information which is public anyway?

Seems a bit stupid it affects your friends though?

downquark1 · 01-05-2008, 11:13

Quote:

Originally Posted by Gavin

They mention it in their terms and conditions and give you an option to opt-out, so its hardly a 0-day vulnerability. And i'm not a Facebook expert but it only seems to collect information which is public anyway?

Seems a bit stupid it affects your friends though?

I think it depends on the privacy settings those friends have set.

Raistlin · 01-05-2008, 11:23

Quote:

Originally Posted by Paul M

2600 ?

Sorry,my bad

http://www.2600.com/

---------- Post added at 10:23 ---------- Previous post was at 10:18 ----------

Quote:

Originally Posted by Gavin

Seems a bit stupid it affects your friends though?

You can actually use the in-built 'features' of facebook to list your own friends. By putting together the right 'application' I can mine your profile for all their data, and their friends' data, and their friends' data.....you get the point.

As I understand it you can choose to make your profile available only to those people on your friends list. You can also choose how much of your profile you make available to them.

Now then.....

What this all means is that it doesn't (in theory at least) matter if you set your profile to private, if your friend runs an application that mines for data from their friends list it will still get your private information. The request appears to come from someone on your friends list and so the facebook site will simply serve it up as it would normally.

01-05-2008, 11:34

I remember the 2600 crew from my early Amiga days. I'd forgotten all about them til now. Thanx Raistlin.