Facebook Security Hole Shows Your Friends' Chats
Facebook has patched a security hole that inadvertently allowed users to see what their friends were instant messaging to other people.
One of Facebook's privacy tools gives you the ability to see how your profile looks to other people. You can use it to make sure all of your settings are set to 'friends only' or check that certain people can't see certain aspects of your profile. It's a useful tool if you're always trying to block your boss or family from seeing incriminating vacation pictures, or stop them from seeing wall posts. However, a glaring problem with this neat little tool became apparent on Wednesday: in showing you your profile through your boss' eyes, Facebook also showed you your boss' IM conversation if he or she happened to be online and chatting with someone else on Facebook. You could also see any pending friend requests.
TechCrunch made a video demonstrating how the bug worked:
Facebook then sent the site the following statement:
“For a limited period of time, a bug permitted some users’ chat messages and pending friend requests to be made visible to their friends by manipulating the “preview my profile” feature of Facebook privacy settings. When we received reports of the problem, our engineers promptly diagnosed it and temporarily disabled the chat function. We also pushed out a fix to take care of the visible friend requests which is now complete. Chat will be turned back on across the site shortly. We worked quickly to resolve this matter, ensuring that once the bug was reported to us, a solution was quickly found and implemented.”
Did any of you see this bug in action? Let us know in the comments below!
- FCC Revising Broadband to Enforce Net Neutrality
- AT&T Customers Still Very Unhappy With Service
- School Didn't Spy, Just Had Crappy Privacy Policies
- Microsoft Releases IE9 Preview 2
- The Alarm Clock That Does All the Thinking
- LightLeafs Promises a Bookmark Revolution
- Hohrizontal 51 Shelf Doubles as iPod/iPhone Dock
- iPad Spy Software Snoops on Email, History
- Oprah Has a 'Fancy' 4G Phone That You Can't Have
- Britain to Project Election Results Onto Big Ben
- Skype Testing Group Video Calling Next Week
- Pre-orders for Sprint's EVO 4G Starting This Month
- AquaVista Aquarium Mounts on Wall, Feeds Fish
- A Wristband Battery For Your Portables
- iPad Hits the Rest of the World on May 28, Almost
- Invisible Dresses Coming Soon
- Nokia Sues Apple Over iPad and iPhone Patents
- FCC Outlines Internet Regulatory Plan
- Russian MP Asks for Probe Into Alien Abduction
I seriously need to get off Facebook... who agrees?
Damnit!!!! WHY DIDN'T I KNOW ABOUT THIS BEFORE I DELETED MY ACCOUNT!!!
Damnit!!!! WHY DIDN'T I KNOW ABOUT THIS BEFORE I DELETED MY ACCOUNT!!!
What does that have to do with anything?
I seriously need to get off Facebook... who agrees?
me too
I never saw this bug. It's simple, really: I don't use Facebook!
Oh no, my super hot cyber sexing is public =/
Oh no, my super hot cyber sexing is public =/
"sup lady, I'll fill your security hole"
That's how it usually goes =D
Using facebook is a security breach.
OH NOZ HE ACCEPTED Kip Drory, thats int3rnets suicideZ !!!
but seriously if you use facebook then you truly have... 0 friends.
but seriously if you use facebook then you truly have... 0 friends.
I understand that you either hate facebook or just don't see the point in social networking but that statement is completely false.
I did see the bug in action. Thanks to that, my bro's girlfriend is no longer a secret.
OH NOZ HE ACCEPTED Kip Drory, thats int3rnets suicideZ !!!but seriously if you use facebook then you truly have... 0 friends.
LOL! Too bad most folks giving you the "Thumbs down" don't realize it's from South Park.
I understand that you either hate facebook or just don't see the point in social networking but that statement is completely false.
Obviously you don't watch SouthPark. That statement is from one of the episodes and utterly hilarious. Facebook has its uses but for the most part is a waste of time.
LOL! Too bad most folks giving you the "Thumbs down" don't realize it's from South Park.Obviously you don't watch SouthPark. That statement is from one of the episodes and utterly hilarious. Facebook has its uses but for the most part is a waste of time.
I do watch Southpark and I know the episode he's referring to but I'm not sure if that second statement was a reference to it (no quotations to indicate whether it was or not). Feel free to correct me if I'm wrong; I didn't commit much of the episode to memory other than "Kip Drory = Bad friend stock."
People who watch Southpark have 0 friends.
People who watch Southpark have 0 friends.
Also not true! We're all just equally immature.
I do watch Southpark and I know the episode he's referring to but I'm not sure if that second statement was a reference to it (no quotations to indicate whether it was or not). Feel free to correct me if I'm wrong; I didn't commit much of the episode to memory other than "Kip Drory = Bad friend stock."
It was in the episode.
http://www.youtube.com/watch?v=2LmAMa-SE8o
LOL!
It was in the episode. http://www.youtube.com/watch?v=2LmAMa-SE8oLOL!
I stand corrected!
I'm in!!! giggity giggity giggity giggity
Aw, crud. Why didn't I know about this before? C'mon Tom's, find the bug BEFORE they fix it!
People who watch Southpark have 0 friends.
Maybe you should have said "People who watch the new seasons of South Park have 0 friends"...
Aw, crud. Why didn't I know about this before? C'mon Tom's, find the bug BEFORE they fix it!
Found yesterday, fixed yesterday!
Maybe you should have said "People who watch the new seasons of South Park have 0 friends"...
I really wouldn't know the difference.
Didn't go on FB yesterday. Kinda happy about it.
I really wouldn't know the difference.
South Park was a great show, until it reached the 12th season, it just went downhill from there (I couldn't stand to watch the entire 13th season, I stopped watching in the middle of an episode).
Yeah, but FB is still more secure than most sites with chat. AIM for example will let you find out the ip address of the person you are chatting with. And not the hidden AIM version of the ip, like facebook, but the actual ip address. Freaking hilarious when you tell someone what their ip is while you're chatting, and they freak out.
wtf so it was real! i always thought it was a huge prank
I know a bug but I wont tell anyone, I will exploit it until facebook will discover it themselves... Lol
Facebook = evil.
so has anyone else tried this yet? i just tried it.. not workin for me.
so has anyone else tried this yet? i just tried it.. not workin for me.
First line in the article: "Facebook has patched a security hole..."
I find it interesting that they chose to disable the chat feature, rather than the preview feature itself while the bug was fixed. That tells me the problem was with chat and that's the code that was altered.