Facebook security flaw found
Posted Friday, August 10, 2007 at 7:16pm in Blogging
Think your Facebook Status Updates are only viewable to your own circle of Facebook friends? Think again. I, along with Drew Benvie, have just discovered a security flaw in the status update system. Drew and I are friends on Facebook, which means I get to see his status updates when I log into Facebook and, likewise, he gets to see mine. Which is fine. However, everyone who is a member of Facebook has an RSS feed for their friends’ status updates, meaning they can add it to an RSS reader if they choose to.
Drew happens to read his friends’ status updates from his Bloglines account. And here’s the flaw. If you run a search for my name in Bloglines you’ll see my latest Facebook status update coming from Drew’s subscription and available for all to see.

I initially thought that Drew must have had his Bloglines feed settings on ‘public’ but he’s just clarified they are indeed set to private. Being set at private, you would think only Drew would be able to see them. Wrong. But not only can I see my own status updates, I can see all of Drew’s friends’ too.

This is a fairly serious security flaw, methinks, and I don’t think it’s Bloglines at fault here. Wonder if I throw a few links to the Bloglines blog and Facebook blog they might see it.
I bet Drew isn’t the only person subscribed to his friends’ status updates in Bloglines either.

12 Comments
Karel Mc Intosh
Friday, August 10, 2007 at 7:53pm
Hmmm… This is something to think about, especially since status updates are where people get really witty and wild when they’re ready.
Stephen
Friday, August 10, 2007 at 8:18pm
Yep, I write absolute nonsense sometimes.
Milton Hicks
Friday, August 10, 2007 at 10:34pm
You two are intent on bringing Facebook down. But what will we do with our days once it’s dead?
(And it’s ‘flaw’. :-))
Stephen
Friday, August 10, 2007 at 10:51pm
What a doofus! Blame the excitement of finding something ‘flawed’ in FB that caused the slight, ahem, typo. I have it correct in the blog post though…
Ta.
Bugger, I thought I was clever and submitted it to Digg… as ‘floor’.
“But what will we do with our days once it’s dead?”
I would usually have said that I’d get my life back but I’m sure something else would consume me.
Karel Mc Intosh
Saturday, August 11, 2007 at 12:53am
Lol. Bring Facebook down? Naaahhhh.
It’s just that this flaw has prevented me from writing wild and witty status updates. I’m much too addicted to FB anyway. But, part of its allure and the resulting preference people have for it also lies in its security (especially when of late during site maintenance you end up seeing other people’s profiles).
But I’m with FB all the way.
Drew
Saturday, August 11, 2007 at 5:44pm
RSS-enabling content from Facebook seems smart, but a lot of Facebook users only keep up their addiction because they know they can control who sees what they write.
So I think, the Bloglines issue to one side, RSS enabling friends’ Facebook content kind of undermines what has made it popular - the fact that only your friends see what you write.
And who ‘owns’ the RSS feeds and their content? Open can of worms is this one.
David Brain
Monday, August 13, 2007 at 8:17am
It really does go to show that you just HAVE to assume that everything you put up pretty much anywhere is discoverable. Duller world I know, but there you go.
David Brain
Monday, August 13, 2007 at 8:17am
PS: Newcastle top of the Premier League. City second. Nice.
Stephen
Monday, August 13, 2007 at 8:22am
That’s true. It’s certainly made me wary about what I write there. My analytics tells me I’ve had a few visitors from the people at Facebook so maybe they’re working on it.
I know! Great news! Now if we can just keep it up for the rest of the season…
jdid
Wednesday, August 15, 2007 at 1:59pm
who’s bringing facebook down and how can I sign up
Karel Mc Intosh
Wednesday, August 15, 2007 at 2:07pm
Jdid, why do you want to bring down Facebook?