BBC Exposes Serious Facebook Privacy Flaw
Posted by Tom Warren on 01 May 2008 - 09:56 · 29 comments & 6720 views
(5 replies)
#1 Posted by +nezermundy on 01 May 2008 - 10:01
- I saw this, what they did is pretty neat. However it is concerning since anyone can do it.
-
#1.1 Posted by Justin- on 01 May 2008 - 17:50
- Oh please, this is biased news reporting at its very best.
If you're going to report something and get people all worked up about it, then ALSO report that there are obvious ways to turn it off. Here's how to do it ... go to Privacy, then Applications ...
Just disable that information, then those applications won't be able to access "your personal information, which can lead to ID theft". Just another reason to never take the media at face value without doing your own "investigation" of the facts ...
#1.2 Posted by bobbba on 01 May 2008 - 20:37
- doesn't blocking the info from the apps also block it from being shared with your friends?
-
#1.3 Posted by Justin- on 01 May 2008 - 21:19
- (bobbba said @ #1.2) doesn't blocking the info from the apps also block it from being shared with your friends?
Yes, that's what the picture I posted shows.
-
#1.4 Posted by creamhackered on 02 May 2008 - 08:31
- Yes we know about that Justin but by default those options are enabled so for most users that don't go into these privacy settings this is a huge issue.
-
#1.5 Posted by theyarecomingforyou on 02 May 2008 - 10:47
- Biased? Hardly. It's a serious vulnerability because a user doesn't have to use the malicious application and by default users are at risk. In order to protect yourself you basically have to cut off access to lots of features that break other applications, hence few users will change the settings.
-
(1 reply)
#2 Posted by funkymunky on 01 May 2008 - 10:27
- To be honest.
I'm sure it will be quite easy to create an application that can do this...
Moral of the story - Don't put personal information on Facebook
#2.1 Posted by aclarke_31 on 01 May 2008 - 15:51
- Moral of the story - Don't put personal information anywhere on the web.......
-
(2 replies)
#3 Posted by JamesWeb on 01 May 2008 - 11:45
- I put my address and credit card details on Facebook, so if I lose my card my friends know whose it is. Does this mean ANYONE can see it?!
-
#5 Posted by madkingsoup on 01 May 2008 - 12:17
- The moral is that common sense should always prevail. If you don't give your personal details out to a total stranger, why would you put them on an unsecured web server?
-
(4 replies)
#6 Posted by +Lt-DavidW on 01 May 2008 - 12:26
- It's NOT a flaw.
You agree to grant the application access to this information when you add it.
Just the BBC being paranoid about data theft again.
#6.1 Posted by +macf13nd on 01 May 2008 - 12:56
- wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:
Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.
Unless I'm misunderstanding - I only skimmed the article.
#6.2 Posted by ZombieFly on 01 May 2008 - 13:01
- (macf13nd said @ #6.1) wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:
Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.
Unless I'm misunderstanding - I only skimmed the article.
your understanding is correct, it's Lt-DavidW who isn't understanding.
#6.3 Posted by creamhackered on 01 May 2008 - 13:25
- Did you watch the video or did you just not understand it? If someone ELSE adds the app YOU are at risk!
-
#6.4 Posted by +macf13nd on 02 May 2008 - 00:24
- (ZombieFly said @ #6.2) (macf13nd said @ #6.1) wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:
Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.
Unless I'm misunderstanding - I only skimmed the article.
your understanding is correct, it's Lt-DavidW who isn't understanding.
good.
-
#7 Posted by _dandy_ on 01 May 2008 - 15:35
- OMG, privacy flaws on a site whose sole existence is to collect private information? Where do I sign up?
-
(1 reply)
#9 Posted by +hotdog963al on 01 May 2008 - 16:22
- Oh **** my info such as "Music" and "Interests" is going to get exposed! OH NOES!
-
#10 Posted by duphus on 01 May 2008 - 21:39
- Why would anyone put information on Facebook that's worth stealing in the first place anyway? I have name, sex, hometown and relationship status. Applications are bloody annoying anyway.
-
#11 Posted by Shiranui on 02 May 2008 - 00:51
- What! You mean my stripper name could be stolen!!??!!?
-
#13 Posted by leesmithg on 02 May 2008 - 09:17
- What do they mean the bloated broadcasting corporation saying they discovered a serious flaw or flaws?
I thought most of us knew this already! LMAO @BBC
Last edited by leesmithg on 02 May 2008 - 17:12
-
(1 reply)
#14 Posted by neufuse on 02 May 2008 - 13:15
- What happened to the days when the BBC was a good news organization?
-
#14.1 Posted by lunarcanary on 02 May 2008 - 16:57
- (neufuse said @ #14) What happened to the days when the BBC was a good news organization?
When people allow applications to use that personal info, they don't assume it's being harvested for anything other than the game. So the privacy flaw is a deception. jmo
-
#15 Posted by lunarcanary on 02 May 2008 - 16:56
- yeah i saw this one earlier
i encourage you guys to do what you think is want. i think that facebook is a big social thing nowadays, and a lot of people in certain demographics seem to use it.
i think at the end of the day, people on these networks really care about themselves and on occasion a few people they kind "follow" around.
call me a rebel rouser, but I'd like to see the day where people login one day to see the latest 10 profile views on their page. people would be in effect, caught "peeping" and feel utterly humiliated by the feeble and pathetic basis of the site. this is why myspace was so quick to stunt this. everyone wants to know who views their profile, but not the other way around.
these are people who know each other in real life, but much of the peeping happens between the weaker IRL ties. who is peepin your profile?
A simple malicious application could open up you and your friends (who do not need to install the application) to ID fraud. The BBC has compiled a video to demonstrate the flaw, and if you are an avid Facebook user I suggest you watch it and take note. It's not clear whether the techniques described by the BBC are currently in use on Facebook, but if one of your friends only has to add the application for your Facebook profile to be opened up, this is a serious flaw.
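
The delegation problem described above and in the comments (a friend adds the application, and your profile becomes readable through that friend) can be shown with a small access model. This is an added example, not code from the BBC, Facebook or the original post; the `User` class, the `app_shared_fields` setting and the sample users are simplified assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    profile: dict                                   # field name -> value
    friends: set = field(default_factory=set)
    installed_apps: set = field(default_factory=set)
    # Assumption: a per-field switch for "what apps added by my friends may
    # read". None means the user never opened the privacy page (the default).
    app_shared_fields: Optional[set] = None

    def shared_with_friend_apps(self):
        if self.app_shared_fields is None:
            return set(self.profile)                # default: everything
        return self.app_shared_fields & set(self.profile)

def fields_app_can_read(app, target, users):
    """Fields of `target` that `app` can reach in this simplified model."""
    t = users[target]
    if app in t.installed_apps:
        return set(t.profile)                       # direct consent
    # Delegated path: a friend who added the app lends it their view of target.
    via_friend = any(app in users[f].installed_apps for f in t.friends)
    return t.shared_with_friend_apps() if via_friend else set()

def exposure_report(app, users):
    """Users who never added `app` but whose fields it can still read."""
    report = {}
    for name, user in users.items():
        if app in user.installed_apps:
            continue
        leaked = fields_app_can_read(app, name, users)
        if leaked:
            report[name] = sorted(leaked)
    return report

def build_sample():
    # Constructed sample graph: only bob adds the app "quiz".
    return {
        "alice": User({"birthday": "1980-01-01", "hometown": "Leeds"}, {"bob"}),
        "bob": User({"hometown": "York"}, {"alice", "carol"}, {"quiz"}),
        # carol disabled every field under Privacy > Applications
        "carol": User({"birthday": "1975-05-05"}, {"bob"}, set(), set()),
        "dave": User({"hometown": "Bath"}),         # no friend has the app
    }

if __name__ == "__main__":
    print(exposure_report("quiz", build_sample()))
```

In the sample, alice never adds the application yet is the only user in the report, because she left the default in place; carol, who changed the setting, and dave, who has no friend using the application, are not exposed.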