This time at Facebook — Security Lapse Exposes Photos:
| A security lapse made it possible for unwelcome strangers to peruse personal photos posted on Facebook Inc.’s popular online hangout, circumventing a recent upgrade to the Web site’s privacy controls.
The Associated Press verified the loophole Monday after receiving a tip from a Byron Ng, a Vancouver, Canada computer technician. Ng began looking for security weaknesses last week after Facebook unveiled more ways for 67 million members to restrict access to their personal profiles. But the added protections weren’t enough to prevent Ng from pulling up the most recent pictures posted by Facebook members and their friends, even if the privacy settings were set to restrict the audience to a select few. After being alerted Monday afternoon, Facebook spokeswoman Brandee Barker said the Palo Alto-based company fixed the bug within an hour. |
So how many millions of lines of code does it take to run Facebook? And how many more bugs might there be, waiting to be discovered?
Here are a few more paragraphs from the above story:
| The latest lapse serves as another reminder of the perils of sharing sensitive photos and personal information online, even when Web sites pledge to shield the information from prying eyes.
Before the fix, Ng’s computer-coding trick enabled him to find private pictures of Paris Hilton at the Emmy awards and of her brother Barron Nicholas drinking a beer with friends and photos of many other people who hadn’t granted access to Ng. […] Despite the risks, more people than ever — especially teenagers and young adults — are publishing personal photos and other intimate details about their lives on the Internet. News Corp.’s MySpace.com, the only online social network larger than Facebook, suffered a security breach that exposed its members’ private photos earlier this year. |
And don’t forget about the security breach an Gmail. And plenty of other sites. (I wonder how long till we hear of a breach at Carbonite or some other online storage site.)
My urgent advice: Use the Internet (Web, email, chat, IM, storage, etc) as though it weren’t private and secure.