Update: Facebook fixes security lapse that exposed photos
Researcher and reporter accessed restricted photos of Paris Hilton, Facebook CEO
Computerworld - Even after last week's unveiling of privacy upgrades, a security lapse on the Facebook Inc. social network early this week still exposed restricted photos to anyone using the site, according to an Associated Press report later confirmed by the company to Computerworld.
A spokeswoman said that after learning of the problem, Facebook engineers on Monday "tested the scenario, found that it was a bug and fixed it immediately." In a statement, the company added that "We take security very seriously."
The AP verified the security lapse earlier Monday after receiving a tip from Byron Ng, a Canadian computer technician who claimed to discover the lapse. Ng said he began looking for security weaknesses at the popular social network after last week's announcement that Facebook had developed new ways for members to limit access to content in their personal profiles.
Ng was able to find private pictures of Paris Hilton, and he sent the AP a template that allowed the company to access private photos of Facebook co-founder and CEO Mark Zuckerburg.
Marshall Kirkpatrick, a blogger at ReadWriteWeb, wrote that his readers had found evidence that the photos were exposed to unauthorized users for months via a simple URL edit.
"[The lapse] appears to have been simply a technical inadequacy," Kirkpatrick wrote. "It's tempting to say that breaches like this are an obstacle to ongoing user adoption of online services. At the same time, how often are credit card numbers exposed? The convenience of online shopping mitigates the impact of those stories. The same may or may not be true with online social networking."
Nick O'Neill, a blogger at AllFacebook, said that as Facebook grows, the company will be forced to upgrade privacy protections during each level of development.
"Then again, should Facebook hold the same standards for their photos team as they do for their credit card processing?" O'Neill added. "I would imagine that it ends up being a cost-benefit analysis which determines how much protection goes into each product."
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Now is the time to implement a video conference solution Video conferencing is getting a lot of buzz lately due to the recent cost decrease, making it tangible for many law firms. It's...
- Video drives engagement Achieving maximum results means building a solid platform and network infrastructure. As digital age unfolds, it's clear that the ability to communicate effectively...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Web Apps White Papers | Webcasts