SitePoint Sponsor

User Tag List

Page 1 of 2 12 LastLast
Results 1 to 25 of 40
  1. #1
    SitePoint Addict palgrave's Avatar
    Join Date
    Jan 2006
    Posts
    357
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    BBC hacks Facebook

    This BBC article is quite interesting. They reckon anybody with basic web programming skills can steal personal details from Facebook.

    I don't use Facebook or any other social network site, but what I found quite interesting was the implicit notion that web 2.0 users have the right to create their own internet experience, but the responsibility for the safety of the information they use to create that experience lies with those who create the framework for that experience.

    I don't have a strong opinion on this, but I would probably tend towards an argument that places more of that responsibility on users in order for this particular aspect of web 2.0 to reach its potential.

    My ambivilence would stem from the obvious fact that if I was the owner of Facebook I would want this capability stamped out immediately, and I guess as long as these "user-created" environments are created/owned by corporations they aren't really what they let on they are.

    If that doesn't make sense to anybody I'm not surprised, coz I only half know what I'm getting at.

  2. #2
    Function Curry'er JimmyP's Avatar
    Join Date
    Aug 2007
    Location
    Brighton, UK
    Posts
    2,006
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't think it's too big a deal. The information that can be obtained by apps is not too harmful (name, hobbies. interests etc.).

    Obviously I can see the potential danger of this but I can't see why the BBC is claiming this as their discovery - this method has been talked about before amongst developers. It's nothing new!

    I think this feature in question is central to the success of Facebook and similiar applications. - It would be a very bad idea to stamp out user-generated apps/content.

    There is a problem with this particular BBC article - it's implying that any <advisor snip> can pull it off - and that it only needs very basic skills. I doubt this is actually the case.

    All the BBC is trying to do here is the same as what they are always trying to do - generate fear and uncertainty amongst the masses!
    Last edited by ses5909; May 2, 2008 at 04:30. Reason: Please remember this is a family-friendly forum
    James Padolsey
    末末末末末末末末末末末末末末末末末末末
    Awesome JavaScript Zoomer (demo here)
    'Ajaxy' - Ajax integration solution (demo here)

  3. #3
    SitePoint Addict
    Join Date
    Jan 2007
    Posts
    344
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The BBC article points out that their "resident coder" took 3 days to put the app together. That is hardly implying that any jackass can do it.

    What it *does* point out is that any <moderator snip> can be a victim of such a program. Even if said person is not the direct user, but rather, is in the chain of permissions granted as a "friend".

    That's like leaving the house key under the doormat, while all your friends' emergency sets of house keys are hung on a hook just inside the door. With handy identifying tags on them of course. The better to enhance the user experience no doubt.
    Last edited by ses5909; May 2, 2008 at 04:30. Reason: Please remember this is a family-friendly forum. Thanks.

  4. #4
    SitePoint Addict zero_digit's Avatar
    Join Date
    Jul 2007
    Posts
    348
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow that's an eyeopener, what did facebook says when they heard this, are they act on it?....a big flaw like that will make the company and users ti it's downfall....

  5. #5
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I’m no fan of face book, Its like a nice little lake that all kinds of unsavoury people sit around fishing for the clueless fish.

    I worry about some of my friends and family using it because of the vulnerabilities it brings to the table, through identity theft, paedophilia and more.

    Its also becoming more common for an employer to check an employees or potential employees face book account, so if they don’t like what they see it could have serious implications on your career.

    I guess I just value privacy.

    ro0bear

  6. #6
    SitePoint Addict Sgt. Baboon's Avatar
    Join Date
    Dec 2002
    Posts
    396
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ro0bear View Post
    I知 no fan of face book, Its like a nice little lake that all kinds of unsavoury people sit around fishing for the clueless fish.

    I worry about some of my friends and family using it because of the vulnerabilities it brings to the table, through identity theft, paedophilia and more.

    Its also becoming more common for an employer to check an employees or potential employees face book account, so if they don稚 like what they see it could have serious implications on your career.

    I guess I just value privacy.

    ro0bear
    If you have stuff so bad on Facebook that a potential employer would not hire you, you have bigger issues than Facebook.

  7. #7
    SitePoint Wizard
    Join Date
    Dec 2004
    Location
    At My Desk!!
    Posts
    1,642
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by plumsauce View Post
    The BBC article points out that their "resident coder" took 3 days to put the app together. T
    The article actually says it took less than 3 hours, not days

    They say they hacked it but the worse information they get is a name, school or hobby! If users don't want that visible, they shouldn't put it on something like Facebook .. period!
    "Am I the only one doing ASP.NET in Delphi(Pascal)?"

  8. #8
    doing my best to help c2uk's Avatar
    Join Date
    May 2005
    Location
    Cardiff
    Posts
    1,832
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In the video they mention they got the date of birth, home town and employer.
    Dan G
    Marketing Strategist & Consultant

  9. #9
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Sgt. Baboon View Post
    If you have stuff so bad on Facebook that a potential employer would not hire you, you have bigger issues than Facebook.
    I dont use facebook, but I have heard of exactly that happening. A police man got fired for posing in his uniform (in a gay manor).

    ro0bear

  10. #10
    SitePoint Wizard jimbo_dk's Avatar
    Join Date
    May 2005
    Location
    Singapore
    Posts
    1,261
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This also bring up the issue of social responsibility as developers.
    Winners Respond. Losers React.
    Singapore Web Designer

  11. #11
    Trash Boat mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,232
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah... but im sure they didnt know the flaw was there?

  12. #12
    SitePoint Enthusiast
    Join Date
    May 2007
    Posts
    34
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think they are blowing this way out of proportion, however privacy is still somewhat of an issue, people should be a bit more paranoid about what they put on public sites.
    Hot Hot Flash Files, Gallery/Portfolios, Menus, RSS etc.
    ^ Free as well as commercial flash files.

  13. #13
    SitePoint Addict palgrave's Avatar
    Join Date
    Jan 2006
    Posts
    357
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by zero_digit View Post
    what did facebook says when they heard this, are they act on it?
    According to the BBC, this is what Facebook had to say.

  14. #14
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Yeah, well as in one of the comments is said, everything you post on the Internet can be read by anyone. In my case, with my personal information I post, anyone can't do much. But things like no identity cards in UK make me shiver. I'd think twice about giving any personal details on any site at all, if I lived in UK.

    This is a serious issue in countries like UK, and that concerns more than just facebook.
    Saul

  15. #15
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    The average teenage facebook user sees facebook as a responsible corperate website who would never let you do something that would endanger their safety. They are also ignorent as to what infomation you should put on the internet, what information you shouldnt, and what some people could do with the information they provide.

    I think websites like facebook should recodnise this, and take more steps to help educate people who use their site about what information you shouldn't put on the internet. When signing up maybe a "The Golden Rules" page that just gives a simple and brief overview of what information you should never put online.

    In particular, it should be made clear to not say anything about where you are going in the future. For instance, there was an instance I saw where a girl wrote on her facebook or myspace (cant remember which) to a freind about a school trip to somewhere in london, and even mentioned the time they would be there. A man (who had been posing as a teenage boy on the site) stalked her to the trip, walked past and stoked her back. Obviously she was a bit freaked out, especially when he kept following her, so she took a photo of him with her mobile phone and told the police. The police identified him from the photo, checked his computer and found child porn, and a myspace (or facebook) account where he was posing as the teenage boy, and had hundruds of young girls as facebook (or myspace) friends.

    just one example.

    If you saw a teenager walking round a crowded city with holding up a big sign with lots of pictures of him/her, his/her age, hobbies, school, friends, conversations etc, wouldnt you go and tell him/her that its not a great idea?

    ro0bear

  16. #16
    Kiwi Fr00t jylyn's Avatar
    Join Date
    Apr 2005
    Location
    New Zealand
    Posts
    218
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm not that talented a coder and I've made a facebook app myself. Any FB app you install has access to all your personal data (not so much the list of hobbies, but definitely date of birth, address, relationship status etc).

    According to the FB privacy rules, apps are not allowed to store this information and must re-request it from the FB servers every time you use the app. In reality, there's no way for FB to know if the developer is storing those details because, like the article said, the scripts aren't stored on FB's servers.

    Basically if you've ever installed any FB app, you might as well assume that info has been stored, even if you uninstall the app. Hopefully most of the developers abide by the rules, but you can pretty much guarantee that some don't.

    *edit: My mistake, a developer can't get your address. But they do have access to your country, city, and any networks you belong to, eg. your school or workplace.

  17. #17
    Kiwi Fr00t jylyn's Avatar
    Join Date
    Apr 2005
    Location
    New Zealand
    Posts
    218
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mkoenig View Post
    Yeah... but im sure they didnt know the flaw was there?
    FB know, and they don't care. Their default answer will always be "yes, but a user can choose not to allow that application access to their data." This is true, but what they don't say is if you don't allow access, you cannot install the application.

  18. #18
    SitePoint Zealot
    Join Date
    Mar 2008
    Posts
    121
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by php_daemon View Post
    Yeah, well as in one of the comments is said, everything you post on the Internet can be read by anyone. In my case, with my personal information I post, anyone can't do much. But things like no identity cards in UK make me shiver. I'd think twice about giving any personal details on any site at all, if I lived in UK.

    This is a serious issue in countries like UK, and that concerns more than just facebook.
    True, information can be viewed by anyone.

    But, it i possible to stop search engine especially from including certain pages with their results.

    As a result of this, unless you know the exact prime location of the information, information can't be displayed by just anyone!

    Correct me if I'm wrong!

  19. #19
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by magicman6452 View Post
    True, information can be viewed by anyone.

    But, it i possible to stop search engine especially from including certain pages with their results.

    As a result of this, unless you know the exact prime location of the information, information can't be displayed by just anyone!

    Correct me if I'm wrong!
    That's just details. But the point is that to stay secure, don't post anything you don't want to be abused.
    Saul

  20. #20
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    London
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One of the things said by those who give advice on how to minimise the chance of identity theft is not to disclose your birthday as this is one of the common security questions used by organisations to verify identity. Yet innocent, trusting and possibly naive visitors are regularly encouraged to impart this information to social networking sites, forums and the like, without any warning that doing so may be a risk and that giving a false answer would be better.

    Other television programmes in recent months have similarly shown how sites such as facebook and others allow detailed information about persons to be obtained, all of which is gold dust to would be identity thieves.

    It would be refreshing to see such websites demonstrating social responsibility by having educational resources provided concerning identity theft, and to recognise that their members would probably willingly trade pointless fluff features such as an email on their birthday for a lower probability of having their credit history ruined and debt collectors coming to the door.
    Last edited by ioncube; May 3, 2008 at 08:59.
    Protection for PHP scripts - ionCube PHP Encoder
    Create Web Application Installers - ionCube Package Foundry

  21. #21
    Non-Member
    Join Date
    Oct 2007
    Location
    United Kingdom
    Posts
    622
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ioncube View Post
    One of the things said by those who give advice on how to minimise the chance of identity theft is not to disclose your birthday as this is one of the common security questions used by organisations to verify identity. Yet innocent, trusting and possibly naive visitors are regularly encouraged to impart this information to social networking sites, forums and the like, without any warning that doing so may be a risk and that giving a false answer would be better.

    Other television programmes in recent months have similarly shown how sites such as facebook and others allow detailed information about persons to be obtained, all of which is gold dust to would be identity thieves.

    It would be refreshing to see such websites demonstrating social responsibility by having educational resources provided concerning identity theft, and to recognise that their members would probably willingly trade a lower probability of having their credit history ruined and debt collectors coming to the door for pointless fluff features such as an email on their birthday.
    Well said

    ro0bear

  22. #22
    SitePoint Enthusiast
    Join Date
    Feb 2008
    Posts
    62
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't think this is a very big deal.

  23. #23
    SitePoint Addict Jonny's Avatar
    Join Date
    Mar 2003
    Location
    Norwich, UK
    Posts
    272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm no programmer, but I'm confident that pretty much any web application could be 'hacked' given enough time, resources and expertise. This shouldn't be blown unnescessarily out of proportion.

  24. #24
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Jonny View Post
    I'm no programmer, but I'm confident that pretty much any web application could be 'hacked' given enough time, resources and expertise. This shouldn't be blown unnescessarily out of proportion.
    Yes, but in this case they are giving out the data to developers, it's not even hacking per se.
    Saul

  25. #25
    SitePoint Addict rosem's Avatar
    Join Date
    Jul 2003
    Location
    Chicago, IL
    Posts
    302
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by c2uk View Post
    In the video they mention they got the date of birth, home town and employer.
    I openly give this information away on my facebook account/page anyway... "Hackers" are only going to be able to pull information you submit, as long as their not getting my SSN or things like that, oh well...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •