Facebook has moved rapidly to shut down a loophole that made some accounts accessible
without a password. A message posted to Hacker News contained a search string that, when used on
Google, returned a catalog of links to Facebook accounts. In a few cases,
clicking on a link logged in to that account without the need for a password. According
to Mr. Jones, "Regardless, due to some of these links being disclosed, we've
turned the feature off until we can better ensure its security for users whose
email contents are publicly noticeable."
Email alerts about status updates and notifications often contain a link that lets a
user of the social network react quickly by clicking it to log in to their
account. The message posted to Hacker News used a search syntax that exposed a
system used by Facebook that lets users speedily log back in to their account.
The bug was shown in a message posted to the Hacker News website.





1 comments:
thanks for the posts. great blog.