On a big site like Facebook, there will always be some kind of exploit available, just waiting to be found – sometimes already found by somebody. Once such an exploit has been fixed by Facebook, it’s just a matter of time before another one appears. It happens to everybody and I think it’s safe to say that all IT systems run the risk of exploits one way or another – just look at Microsoft Windows XP, for one…
Anyway, this recent Facebook exploit was related to the chat feature available at the site. Using the privacy feature to preview your profile, as it would be seen by somebody else, you would gain access to their (the “somebody else” person) chat, and apparently also see pending friend requests.
The exploit has already been fixed by Facebook, who acted rather quickly by first disabling the chat for everybody and then re-enabling it once it was fixed.
In the video below, you can see the exploit in action. I would say this is rather embarrassing for Facebook. As mentioned, security issues do happen with software, but usually you would have to do something more than just use the software as intended (like in this case) to trigger it.
While on the subject of Facebook, don’t forget that TechPatio now has a Facebook page, and I would love for you to “like” it – it’s another way of staying updated with my posts, instead of an RSS feed.
The important thing is that they fixed it pretty soon, before the exploit put user security in danger. Nice to see this video, and good to see we are not yet seeing any new security hole.
I wonder for how long this particular exploit has been available, until it was reported/fixed. It could be just a matter of minutes, or maybe days?
I am always amazed at how people can still use Facebook so willingly, what with the complete trampling of user privacy that has unfolded in the past 6 months. It’s quite clear that the focus is more on generating advertising revenue and selling user data, as each update seems to open up a number of security risks and is set to open by default…
I understand what you mean Steve. I think the people who are aware of the risks using Facebook, still use it because there’s nothing better out there. Sure there are Flickr for photogs, YouTube for video-people etc., but no social media site that will let you connect friends, co-workers and family at the same place.
It seems like privacy is not so important for certain providers, considering the news lately. Google made a huge mistake, now Facebook …
What mistake did Google make? I must have missed it – please share 🙂
This is what concerns me, while some of us prefer to keep things private but loopholes are everywhere. It’s good to evolve and change for the better, but I’ll be more appreciative if Facebook could work harder on maintaining the privacy in a secured manner.
Or we may need a new definition for ‘privacy’ from now on. ;P
That’s true – what is privacy worth to us when there are such loopholes available that will make everybody get a peek into the things we wanted to keep hidden from certain people 🙂
It will be easier if people will just respect others’ privacy, but unfortunately, minorities are simply not born that way. At the end of the day, it all falls with Facebook and the people behind it. Fame+fortune is equivalent to huge responsibilities.
Lots of things in the world would be better/easier if people just knew how to behave and treat each other… unfortunately that’s not the case 🙁
I don’t think I was aware of this exploit, maybe I came across it but just didn’t give much thought about it. If the exploit only lets others view pending friend requests then it’s not a biggie for me. Other than that, I’ve set my Facebook profile and other info to be viewed only by friends, but not all my friends. Only those friends who are on the whitelist. 😀
I filter my friends into groups and certain groups can only see a portion of my profile, some can’t see anything, some can only access my wall posts while close friends and family members get to see everything.
Anyways, thanks for sharing about this exploit. It’s good to know that Facebook addressed the situation immediately.