Ramsco's Women Empowerment Initiative Recognized Among Top BRICS Businesswomen Practices for 2025    Egypt, Elsewedy review progress on Ain Sokhna phosphate complex    Gold prices end July with modest gains    Pakistan says successfully concluded 'landmark trade deal' with US    Egypt's FM, US envoy discuss Gaza ceasefire, Iran nuclear talks    Modon Holding posts AED 2.1bn net profit in H1 2025    Egypt's Electricity Ministry says new power cable for Giza area operational    Egypt's Al-Sisi, Italian defence minister discuss Gaza, security cooperation    Egypt's FM discusses Gaza, Nile dam with US senators    Aid airdrops intensify as famine deepens in Gaza amid mounting international criticism    Health minister showcases AI's impact on healthcare at Huawei Cloud Summit    On anti-trafficking day, Egypt's PM calls fight a 'moral and humanitarian duty'    Federal Reserve maintains interest rates    Egypt strengthens healthcare partnerships to enhance maternity, multiple sclerosis, and stroke care    Egypt keeps Gaza aid flowing, total tops 533,000 tons: minister    Indian Embassy to launch cultural festival in Assiut, film fest in Cairo    Egyptian aid convoy heads toward Gaza as humanitarian crisis deepens    Culture minister launches national plan to revive film industry, modernise cinematic assets    Rafah Crossing 'never been closed for one day' from Egypt: PM    I won't trade my identity to please market: Douzi    Two militants killed in foiled plot to revive 'Hasm' operations: Interior ministry    Egypt's EHA, Huawei discuss enhanced digital health    Egypt, Oman discuss environmental cooperation    Egypt's EDA explores pharma cooperation with Belarus    Foreign, housing ministers discuss Egypt's role in African development push    Egypt reveals heritage e-training portal    Three ancient rock-cut tombs discovered in Aswan    Sisi launches new support initiative for families of war, terrorism victims    Egypt expands e-ticketing to 110 heritage sites, adds self-service kiosks at Saqqara    Egypt's Irrigation Minister urges scientific cooperation to tackle water scarcity    Palm Hills Squash Open debuts with 48 international stars, $250,000 prize pool    On Sport to broadcast Pan Arab Golf Championship for Juniors and Ladies in Egypt    Golf Festival in Cairo to mark Arab Golf Federation's 50th anniversary    Germany among EU's priciest labour markets – official data    Paris Olympic gold '24 medals hit record value    A minute of silence for Egyptian sports    Russia says it's in sync with US, China, Pakistan on Taliban    It's a bit frustrating to draw at home: Real Madrid keeper after Villarreal game    Shoukry reviews with Guterres Egypt's efforts to achieve SDGs, promote human rights    Sudan says countries must cooperate on vaccines    Johnson & Johnson: Second shot boosts antibodies and protection against COVID-19    Egypt to tax bloggers, YouTubers    Egypt's FM asserts importance of stability in Libya, holding elections as scheduled    We mustn't lose touch: Muller after Bayern win in Bundesliga    Egypt records 36 new deaths from Covid-19, highest since mid June    Egypt sells $3 bln US-dollar dominated eurobonds    Gamal Hanafy's ceramic exhibition at Gezira Arts Centre is a must go    Italian Institute Director Davide Scalmani presents activities of the Cairo Institute for ITALIANA.IT platform    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Facebook Flaw Bypasses Password Protections
Amwal Al Ghad Published in Amwal Al Ghad on 03 - 11 - 2012

Facebook has moved quickly to shut down a loophole which made some accounts accessible without a password.
The bug was exposed in a message posted to the Hacker News website.
The message contained a search string that, when used on Google, returned a list of links to 1.32 million Facebook accounts.
In some cases clicking on a link logged in to that account without the need for a password. All the links exposed the email addresses of Facebook users.
Throwaway account
The message posted to Hacker News used a search syntax that exposed a system used by Facebook that lets users quickly log back in to their account.
Email alerts about status updates and notifications often contain a link that lets a user of the social network respond quickly by clicking it to log in in to their account.
In a comment added to the Hacker News message, Facebook security engineer Matt Jones said the links were typically only sent to the email addresses of account holders. Links sent in this way can only be clicked once.
"For a search engine to come across these links, the content of the emails would need to have been posted online," he wrote. Mr Jones suspected this is what happened as many of the email addresses exposed were for throwaway mail sites or for services that did a bad job of protecting archived messages.
Most of the million or so links exposed would already have expired, said Mr Jones.
"Regardless, due to some of these links being disclosed, we've turned the feature off until we can better ensure its security for users whose email contents are publicly visible," he said.
Mr Jones added that Facebook had taken steps to secure the accounts of people who had been exposed by the flaw. Many of the exposed accounts were in Russia and China.
In an official statement, Facebook said the links were sent "directly to private email addresses to help people easily access their accounts, and we never made them publicly available or crawlable."
However, it said, the links were then posted elsewhere online which lead to them being indexed on search engines.
It said: "While we have always had protections on these private links to provide an additional layer of security, we have since disabled their functionality completely and are remediating the accounts of anyone who recently used this feature."
BBC

Clic here to read the story from its source.