Facebook Responds

In true Schwarzenegger style, Facebook responds that it's not a tumor breach. The basic gist of their response is that even though they leaked UIDs, they did not share any private user data. Apparently when a user agrees to use an app on Facebook, they also agree to share their info. The fact that this info is now personally identifying with the addition of the UID doesn't matter.

In addition, Facebook's lax handling of its session cookies allows someone to hijack a session and impersonate a person on Facebook. In fact, the Firesheep extension for Firefox openly demonstrates the flaw with a simple mouse click. The extension works by sniffing cookies from social networking sites that don't use SSL encryption. Eric Butler, the author of the extension, writes on his website: "This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users."
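The defender's side of the cookie problem described above is whether a site marks its session cookie so the browser never sends it over plaintext HTTP. The following is an added example, not code from the original post or from Firesheep: a small audit of Set-Cookie headers that flags cookies missing the Secure attribute (and session-looking cookies missing HttpOnly). The sample headers and the session-name heuristics are constructed for illustration.

```python
"""Audit Set-Cookie headers for cookies that a passive sniffer could capture over plain HTTP."""

# Constructed heuristic: cookie names that usually carry a login session.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, {attribute_lowercased: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header):
    """Return a list of findings for one header; an empty list means nothing to report."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    looks_like_session = any(hint in name.lower() for hint in SESSION_HINTS)
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie on http:// requests,
        # which is exactly the traffic an on-path sniffer sees in the clear.
        findings.append(f"{name}: missing Secure (sent over plaintext HTTP)")
    if looks_like_session and "httponly" not in attrs:
        # HttpOnly keeps page scripts from reading the session cookie.
        findings.append(f"{name}: missing HttpOnly (readable by page scripts)")
    return findings


def audit_all(headers):
    """Flatten findings for a list of Set-Cookie headers, e.g. from one HTTP response."""
    return [finding for h in headers for finding in audit_set_cookie(h)]


# Constructed sample response headers: a weak session cookie, its hardened form, and a harmless preference cookie.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; Domain=.example.com",
    "sessionid=abc123; Path=/; Domain=.example.com; Secure; HttpOnly",
    "theme=dark; Path=/; Secure",
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HEADERS):
        print(finding)
```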