The BBC's technology programme Click has exposed a security flaw in the social networking site Facebook which could compromise privacy.

A simple malicious application could expose you and your friends (who do not need to install the application) to ID fraud. The BBC has compiled a video to demonstrate the flaw, and if you are an avid Facebook user I suggest you watch it and take note. It's not clear whether the techniques described by the BBC are currently in use on Facebook, but if one of your friends only has to add the application for your Facebook profile to be opened up, this is a serious flaw.

Video: >> Click here <<
View: BBC News Article



There are 29 additional comments
(5 replies) #1 Posted by +nezermundy on 01 May 2008 - 10:01
I saw this, what they did is pretty neat. However it is concerning since anyone can do it.
#1.1 Posted by Justin- on 01 May 2008 - 17:50
Oh please, this is biased news reporting at its very best.

If you're going to report something and get people all worked up about it, then ALSO report that there are obvious ways to turn it off. Here's how to do it ... go to Privacy, then Applications ...



Just disable that information, then those applications won't be able to access "your personal information, which can lead to ID theft". Just another reason to never take the media at face value without doing your own "investigation" of the facts ...
#1.2 Posted by bobbba on 01 May 2008 - 20:37
doesn't blocking the info from the apps also block it from being shared with your friends?
#1.3 Posted by Justin- on 01 May 2008 - 21:19
(bobbba said @ #1.2)
doesn't blocking the info from the apps also block it from being shared with your friends?


Yes, that's what the picture I posted shows.
#1.4 Posted by creamhackered on 02 May 2008 - 08:31
Yes we know about that Justin but by default those options are enabled so for most users that don't go into these privacy settings this is a huge issue.
#1.5 Posted by theyarecomingforyou on 02 May 2008 - 10:47
Biased? Hardly. It's a serious vulnerability because a user doesn't have to use the malicious application and by default users are at risk. In order to protect yourself you basically have to cut off access to lots of features that break other applications, hence few users will change the settings.
(1 reply) #2 Posted by funkymunky on 01 May 2008 - 10:27
To be honest.

I'm sure it will be quite easy to create an application that can do this...

Moral of the story - Don't put personal information on facebook
#2.1 Posted by aclarke_31 on 01 May 2008 - 15:51
Moral of the story - Don't put personal information anywhere on the web.......
(2 replies) #3 Posted by JamesWeb on 01 May 2008 - 11:45
I put my address and credit card details on Facebook, so if I lose my card my friends know whose it is. Does this mean ANYONE can see it?!
#3.1 Posted by testman on 01 May 2008 - 11:54
Is this supposed to be a joke?
#3.2 Posted by +macf13nd on 01 May 2008 - 12:54
(testman said @ #3.1)
Is this supposed to be a joke?


it must be.
#4 Posted by James7 on 01 May 2008 - 12:09
This is worrying news. I think I'll pass on Facebook.
#5 Posted by madkingsoup on 01 May 2008 - 12:17
The moral is that common sense should always prevail. If you don't give your personal details out to a total stranger, why would you put them on an unsecured web server?
(4 replies) #6 Posted by +Lt-DavidW on 01 May 2008 - 12:26
It's NOT a flaw.

You agree to grant the application access to this information when you add it.

Just the BBC being paranoid about data theft again.
#6.1 Posted by +macf13nd on 01 May 2008 - 12:56
wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:

Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.

Unless I'm misunderstanding - I only skimmed the article.
#6.2 Posted by ZombieFly on 01 May 2008 - 13:01
(macf13nd said @ #6.1)
wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:

Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.

Unless I'm misunderstanding - I only skimmed the article.


your understanding is correct, it's Lt-DavidW who isn't understanding.
#6.3 Posted by creamhackered on 01 May 2008 - 13:25
Did you watch the video or did you just not understand it? If someone ELSE adds the app YOU are at risk!
#6.4 Posted by +macf13nd on 02 May 2008 - 00:24
(ZombieFly said @ #6.2)
(macf13nd said @ #6.1)
wasn't the whole point that if your friends are idiotic enough to allow the application data then you are at risk:

Even if your security settings are tight (mine are), my profile is still set to allow my friends to see my info. Therefore, if an idiot friend of mine grants an application what are essentially admin rights on his / her profile, then that app can see all the information that that person's profile has access to - i.e. presumably my profile.

Unless I'm misunderstanding - I only skimmed the article.


your understanding is correct, it's Lt-DavidW who isn't understanding.


good.
#7 Posted by _dandy_ on 01 May 2008 - 15:35
OMG, privacy flaws on a site whose sole existence is to collect private information? Where do I sign up?
#8 Posted by TonyLock on 01 May 2008 - 16:17
This proves it, hackers use Macs!
(1 reply) #9 Posted by +hotdog963al on 01 May 2008 - 16:22
Oh **** my info such as "Music" and "Interests" is going to get exposed! OH NOES!
#9.1 Posted by bobbba on 01 May 2008 - 20:40
your work history might be more worrying tho...
#10 Posted by duphus on 01 May 2008 - 21:39
Why would anyone put information on Facebook that's worth stealing in the first place anyway? I have name, sex, hometown and relationship status. Applications are bloody annoying anyway.
#11 Posted by Shiranui on 02 May 2008 - 00:51
What! You mean my stripper name could be stolen!!??!!?
#12 Posted by +imis on 02 May 2008 - 07:31
i will watch that movie
#13 Posted by leesmithg on 02 May 2008 - 09:17
What do they mean the bloated broadcasting corporation saying they discovered a serious flaw or flaws?

I thought most of us knew this already! LMAO @BBC

Last edited by leesmithg on 02 May 2008 - 17:12
(1 reply) #14 Posted by vetneufuse on 02 May 2008 - 13:15
What happened to the days when the BBC was a good news organization?
#14.1 Posted by lunarcanary on 02 May 2008 - 16:57
(neufuse said @ #14)
What happened to the days when the BBC was a good news organization?


When people allow applications to use that personal info, they don't assume it's being harvested for anything other than the game. So the privacy flaw is a deception. jmo
#15 Posted by lunarcanary on 02 May 2008 - 16:56
yeah i saw this one earlier

i encourage you guys to do what you think is want. i think that facebook is a big social thing nowadays, and a lot of people in certain demographics seem to use it.

i think at the end of the day, people on these networks really care about themselves and on occasion a few people they kind "follow" around.

call me a rebel rouser, but I'd like to see the day where people login one day to see the latest 10 profile views on their page. people would be in effect, caught "peeping" and feel utterly humiliated by the feeble and pathetic basis of the site. this is why myspace was so quick to stunt this. everyone wants to know who views their profile, but not the other way around.

these are people who know each other in real life, but much of the peeping happens between the weaker IRL ties. who is peepin your profile?