Face book fault: bypasses password protections

Face book has moved rapidly to shut down a loophole which made some accounts accessible without a password. The message contained a search string that, when used on Google, returned a catalog of links to Face book accounts. In a few cases clicking on a link logged in to that account without the need for a password. According to Mr. Jones, Regardless, due to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly noticeable.
Email alerts about status updates and notifications often contain a link that lets a user of the social network react quickly by clicking it to log in to their account. The message posted to Hacker News used a search syntax that exposed a system used by Face book that lets users speedily log back in to their account. The bug was showing in a message posted to the Hacker News website.

No comments:

Post a Comment