Facebook Private Photo Security Flaw

This is the second exploit discovered in the last few months. The first one used Firebug, a plug-in for Firefox, and a little technical knowledge. The latest exploit requires very little technical knowledge. In fact, all you have to do is look at some public photos, including the profile picture, and extract some basic user information.

OK, maybe it is a little technical, because you do need a basic understanding of HTML and some math skills (incrementing numbers). I am guessing anyone under the age of thirty can handle this latest exploit without much effort.

Content Delivery Holes

The problem is not within Facebook itself but in the content delivery network. This exploit was identified by Joseph Bonneau at lightbluetouchpaper.org, whose post gives a rather detailed analysis of the problem and the reasons behind it. In essence, anyone can see any photo if it has been cached on the content network because, unlike the actual website, the content network does not track authorization status.
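One way a content network can check authorization before serving a cached photo, shown as an added example that is not from the original post or from Facebook's code. The key, the URL layout, the function names, and the assumption that the edge can see a session identifier for the viewer are all constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real deployment shares a secret between origin and edge.
SIGNING_KEY = b"demo-key-not-for-production"


def _mac(path, viewer_id, expires):
    # Bind the token to the photo path, the authorized viewer and the expiry time.
    msg = f"{path}\n{viewer_id}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_photo_url(path, viewer_id, ttl=300, now=None):
    """Origin side: call only after the site's own privacy check has passed."""
    expires = (int(time.time()) if now is None else now) + ttl
    sig = _mac(path, viewer_id, expires)
    return f"{path}?viewer={viewer_id}&expires={expires}&sig={sig}"


def edge_allows(url, session_viewer_id, now=None):
    """Edge side: verify the token before serving the object from cache."""
    now = int(time.time()) if now is None else now
    path, _, query = url.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        expires = int(params["expires"])
        viewer, sig = params["viewer"], params["sig"]
    except (KeyError, ValueError):
        return False  # missing or malformed token: bare URLs are rejected
    if now > expires or viewer != session_viewer_id:
        return False  # stale link, or a link issued to a different viewer
    # Constant-time comparison; a changed path no longer matches the signature.
    return hmac.compare_digest(sig, _mac(path, viewer, expires))
```

Because the signature covers the path, changing the photo number in a valid link invalidates it, and a link copied to another account or used after expiry is refused.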

Hey, if you really want your photos to remain private then stick to Polaroid. Otherwise be careful about what you are sharing and the amount of information you provide to any and all web-based services. It is best to live under the assumption that what you put online can be viewed by anyone. I listed some thoughts on the subject of privacy in a previous post about online privacy.


Original post from Joseph – New Facebook Photo Hacks
