


Facebook Flaw Bypasses Password Protections
Published in Amwal Al Ghad on 03 - 11 - 2012

Facebook has moved quickly to shut down a loophole which made some accounts accessible without a password.
The bug was exposed in a message posted to the Hacker News website.
The message contained a search string that, when used on Google, returned a list of links to 1.32 million Facebook accounts.
In some cases clicking on a link logged in to that account without the need for a password. All the links exposed the email addresses of Facebook users.
Throwaway account
The message posted to Hacker News used a search syntax that exposed a system used by Facebook that lets users quickly log back in to their account.
Email alerts about status updates and notifications often contain a link that lets a user of the social network respond quickly by clicking it to log in to their account.
In a comment added to the Hacker News message, Facebook security engineer Matt Jones said the links were typically only sent to the email addresses of account holders. Links sent in this way can only be clicked once.
"For a search engine to come across these links, the content of the emails would need to have been posted online," he wrote. Mr Jones suspected this is what happened as many of the email addresses exposed were for throwaway mail sites or for services that did a bad job of protecting archived messages.
Most of the million or so links exposed would already have expired, said Mr Jones.
"Regardless, due to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly visible," he said.
Mr Jones added that Facebook had taken steps to secure the accounts of people who had been exposed by the flaw. Many of the exposed accounts were in Russia and China.
In an official statement, Facebook said the links were sent "directly to private email addresses to help people easily access their accounts, and we never made them publicly available or crawlable."
However, it said, the links were then posted elsewhere online, which led to them being indexed on search engines.
It said: "While we have always had protections on these private links to provide an additional layer of security, we have since disabled their functionality completely and are remediating the accounts of anyone who recently used this feature."
BBC

