Sentor

Coding error identified on MySpace and Facebook

2009-11-09

A major coding error identified on social networking websites MySpace and Facebook could allow hackers to access their users' data and photos, according to reports. This will most likely be a concern for those users looking to avoid a data breach or IT intrusion.

Yvo Schaap, a Dutch Facebook application developer, found that Facebook would allow data to be given out from one of its subdomains. The same issue arose on MySpace, which let a domain called farm.sproutbuilder.com access data.

For privacy reasons, websites such as these two normally block other domains from requesting and receiving information, making an exception only for their own vetted subdomains.

Graham Cluley, senior technology consultant at Sophos, said the damage resulting from such a vulnerability could have been "enormous".

"A malicious hacker could have exploited this vulnerability to gather information about users and potentially collect data which would have helped them steal identities," he explained.

He asserted that sites such as Facebook and MySpace inevitably contain errors because "they're extremely complex web applications, with hundreds of thousands of lines of code".

"My feeling is that many social networks have grown at a tremendously quick rate and haven't always kept their security in step with their rapid growth," Mr Cluley went on to say.

He added that "it would be great" if such sites took some time out to focus more on protecting their users and their data, rather than just expanding their membership.

Facebook itself recently noted the importance of online security on its blog. The company invited Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), to share his thoughts on what people should be doing to keep themselves safe online.

He asserted that people should use the privacy, safety and other settings on social networks, and that information on the NCSA website and the Facebook Security Page can help too.
