Facebook Privacy Problems Continue

Lora Bentley
Slide Show

If Facebook can remember these five facts about user privacy, its headaches might begin to fade.

Poor Facebook... The bad news just keeps coming.

 

This week a researcher at Secfence Technologies, Atul Agarwal, found a vulnerability that put the full names, e-mail addresses and photos of Facebook users at risk, even if their privacy controls are set to keep those things private.

 

PCWorld.com reports:

If someone enters the e-mail address of a Facebook user along with the wrong password, Facebook returns a special "Please re-enter your password" page, which includes the Facebook photo and full name of the person associated with the address. The feature...could be misused by spammers to get information on Facebook's 500 million users.

 

Atul Agarwal, who alerted the Full Disclosure mailing list after he found the problem, said spammers with lists of e-mail addresses could extract the full names and photos of the users to whom those e-mail addresses belong, and then use the info to make phishing attacks more attractive. Or, they could use the feature to validate lists of random e-mail addresses they have created, and then use those in phishing attacks.


 

Facebook is attributing the problem to a recently introduced bug that caused the controls intended to prevent such disclosure to stop working. A spokesperson told PCWorld the company is working on a fix and should have it shortly.



Add Comment      Leave a comment on this blog post
Aug 14, 2010 9:13 AM David Prentice David Prentice  says:

A new approach to protecting your Facebook privacy that is by CLOAKing your posting. Best of all - it works independently of the Facebook privacy settings.

Users select the part of their posting that they'd like to keep private, pick their own keyword and encrypt it before posting. Postings are still made as normal and Facebook is not affected (other than the fact that neither they nor advertisers can read your posting. Only those people who you've shared your keyword with can read that encrypted posting.

The CloakGuard plugin works supports FireFox today. A free online version is also available which does the encryption without requiring any software download.

Free Plug-In Download              

https://addons.mozilla.org/en-US/firefox/addon/194385/

Free Online version       

http://cloakguard.com/tryitfree.php

Demo                         

http://www.youtube.com/watch?v=bSiKgesit4Q

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.