









Facebook Flaw Bypasses Password Protections
Published in Amwal Al Ghad on 03 - 11 - 2012

Facebook has moved quickly to shut down a loophole which made some accounts accessible without a password.
The bug was exposed in a message posted to the Hacker News website.
The message contained a search string that, when used on Google, returned a list of links to 1.32 million Facebook accounts.
In some cases clicking on a link logged in to that account without the need for a password. All the links exposed the email addresses of Facebook users.
Throwaway account
The message posted to Hacker News used a search syntax that exposed a system used by Facebook that lets users quickly log back in to their account.
Email alerts about status updates and notifications often contain a link that lets a user of the social network respond quickly by clicking it to log in to their account.
In a comment added to the Hacker News message, Facebook security engineer Matt Jones said the links were typically only sent to the email addresses of account holders. Links sent in this way can only be clicked once.
"For a search engine to come across these links, the content of the emails would need to have been posted online," he wrote. Mr Jones suspected this is what happened as many of the email addresses exposed were for throwaway mail sites or for services that did a bad job of protecting archived messages.
Most of the million or so links exposed would already have expired, said Mr Jones.
"Regardless, due to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly visible," he said.
Mr Jones added that Facebook had taken steps to secure the accounts of people who had been exposed by the flaw. Many of the exposed accounts were in Russia and China.
In an official statement, Facebook said the links were sent "directly to private email addresses to help people easily access their accounts, and we never made them publicly available or crawlable."
However, it said, the links were then posted elsewhere online, which led to them being indexed on search engines.
It said: "While we have always had protections on these private links to provide an additional layer of security, we have since disabled their functionality completely and are remediating the accounts of anyone who recently used this feature."
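The protections the article mentions for these email login links (single use, expiry, a switch to turn the feature off, and remediation of exposed accounts) can be sketched as follows. This is an added example, not Facebook's code: the class and method names, the in-memory store and the 15-minute lifetime are all assumptions.

```python
import hashlib
import secrets
import time

TTL_SECONDS = 15 * 60  # assumed lifetime; the article gives no figure


class LoginLinks:
    """Single-use, expiring login-link tokens (illustrative, in-memory)."""

    def __init__(self):
        self.enabled = True   # feature switch: set False to turn the links off
        self._pending = {}    # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, not guessable
        # Keep only the hash so a leaked table cannot be replayed as links.
        self._pending[self._digest(token)] = (user_id, now + TTL_SECONDS)
        return token

    def redeem(self, token, now=None):
        """Return the user id once; None if unknown, used, expired or disabled."""
        now = time.time() if now is None else now
        # pop() consumes the token even when a later check fails, so a link
        # copied into a public mail archive cannot be tried a second time.
        entry = self._pending.pop(self._digest(token), None)
        if not self.enabled or entry is None:
            return None
        user_id, expires_at = entry
        return user_id if now < expires_at else None

    def revoke_user(self, user_id):
        """Drop every outstanding link for an account being remediated."""
        stale = [d for d, (u, _) in self._pending.items() if u == user_id]
        for d in stale:
            del self._pending[d]
        return len(stale)
```

Single use and expiry only narrow the window: a link that reaches a public archive before its owner clicks it is still live until it expires, which is the case the article describes.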
BBC

