


Facebook Flaw Bypasses Password Protections
Published in Amwal Al Ghad on 03 - 11 - 2012

Facebook has moved quickly to shut down a loophole which made some accounts accessible without a password.
The bug was exposed in a message posted to the Hacker News website.
The message contained a search string that, when used on Google, returned a list of links to 1.32 million Facebook accounts.
In some cases clicking on a link logged in to that account without the need for a password. All the links exposed the email addresses of Facebook users.
Throwaway account
The message posted to Hacker News used a search syntax that exposed a system used by Facebook that lets users quickly log back in to their account.
Email alerts about status updates and notifications often contain a link that lets a user of the social network respond quickly by clicking it to log in to their account.
In a comment added to the Hacker News message, Facebook security engineer Matt Jones said the links were typically only sent to the email addresses of account holders. Links sent in this way can only be clicked once.
"For a search engine to come across these links, the content of the emails would need to have been posted online," he wrote. Mr Jones suspected this is what happened as many of the email addresses exposed were for throwaway mail sites or for services that did a bad job of protecting archived messages.
Most of the million or so links exposed would already have expired, said Mr Jones.
"Regardless, due to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly visible," he said.
Mr Jones added that Facebook had taken steps to secure the accounts of people who had been exposed by the flaw. Many of the exposed accounts were in Russia and China.
In an official statement, Facebook said the links were sent "directly to private email addresses to help people easily access their accounts, and we never made them publicly available or crawlable."
However, it said, the links were then posted elsewhere online, which led to them being indexed on search engines.
It said: "While we have always had protections on these private links to provide an additional layer of security, we have since disabled their functionality completely and are remediating the accounts of anyone who recently used this feature."
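The two protections described above for emailed login links, single use and expiry, can be sketched as follows. This is an added example, not Facebook's code; the `LoginLinkStore` class, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the article gives no figure


class LoginLinkStore:
    """In-memory store of one-time login tokens (hypothetical design)."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # sha256(token) -> (account_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked store does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account_id):
        """Return a fresh token to embed in the emailed link."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        expires_at = self._clock() + self._ttl
        self._pending[self._digest(token)] = (account_id, expires_at)
        return token

    def redeem(self, token):
        """Return the account id once, or None if unknown, used or expired."""
        # pop() removes the entry whatever the outcome, so a link that has
        # been clicked (or has expired) can never be replayed.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        account_id, expires_at = entry
        if self._clock() > expires_at:
            return None
        return account_id


def demo():
    now = [1_000_000.0]  # constructed clock so the example is deterministic
    store = LoginLinkStore(ttl=900, clock=lambda: now[0])
    used = store.issue("alice")    # constructed account names
    stale = store.issue("bob")
    first = store.redeem(used)     # the account holder clicks the link
    replay = store.redeem(used)    # same link found later in a public archive
    now[0] += 901                  # move past the lifetime
    expired = store.redeem(stale)
    return first, replay, expired
```

A link that has been neither clicked nor expired still logs in whoever opens it first, which is why a link copied into a publicly readable mailbox remains a risk even with both checks in place.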
BBC

