Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

60 comments

Hulu's problem (5, Interesting)

cgeys (2240696) | about 3 years ago | (#36650026)

Nice how to the title tries to imply that it is Facebook's fault when in fact it's only bad coding from Hulu's side. They even admit it:

The company has admitted that the flaw was the result of a coding and configuration error on Hulu’s side. The company has denied that the issue is the result of hacking, other third party actions, or a vulnerability in Facebook Connect.

Re:Hulu's problem (4, Insightful)

SlappyBastard (961143) | about 3 years ago | (#36650084)

Good PR: the cure to shitty coding.

Re:Hulu's problem (4, Insightful)

RoFLKOPTr (1294290) | about 3 years ago | (#36650232)

Good PR: the cure to shitty coding.

You seem to be implying that Hulu is dancing around the fact that they fucked up when they clearly admitted that they fucked up.

Re:Hulu's problem (1)

Anonymous Coward | about 3 years ago | (#36650356)

Good PR: the cure to shitty coding.

You seem to be implying that Hulu is dancing around the fact that they fucked up when they clearly admitted that they fucked up.

You seem to be implying that people here on slashdot RTFA. Also note that it was an "anonymous reader" that submitted this article with the sensationalist headline.

I think its pretty fucking obvious what I'm implying, lets hope that this fact ends the thread here.

Re:Hulu's problem (1)

hairyfeet (841228) | about 3 years ago | (#36651364)

Is it exposing CC data? If not I really don't see what the big whoop is as it isn't like Hulu is offering porn, right? Who cares if someone else knew you watched NCIS or some dumb reality show? Sure having fucked up code is never a good thing, but it isn't like a Sony "whoops we lost your CC numbers LOL!" level of fuckup is it?

Skimming TFA it looks more like they simply saw someone else's viewing history but TFA is kinda light on details besides "No CC numbers exposed!" so maybe someone who had it happen can clue us in...anything worth getting your panties in a wad over?

Re:Hulu's problem (2)

RoFLKOPTr (1294290) | about 3 years ago | (#36654042)

Is it exposing CC data? If not I really don't see what the big whoop is as it isn't like Hulu is offering porn, right? Who cares if someone else knew you watched NCIS or some dumb reality show?

A data breach is a data breach. A data breach means there was a vulnerability through which data could be breached. Who knows what other data could possibly have been obtained via those methods? One thing we know for sure is that their security auditing processes before going live with new code are not up to snuff. It doesn't matter if credit card information WAS leaked... but if there was a data breach of any sort, credit card information could potentially leak out eventually. Either way, trust in the security of their service declines, and rightfully so.

Re:Hulu's problem (1)

michiko (2270072) | about 3 years ago | (#36650400)

ooo.!!! people should write dissertation on this http://a.ly/5a [a.ly]

Re:Hulu's problem (3, Funny)

Co0Ps (1539395) | about 3 years ago | (#36650648)

Probably some script-monkey who wrote:

// Get account to connect with facebook.
SELECT * FROM `accounts` WHERE first_name = $facebook_first_name LIMIT 1

Re:Hulu's problem (0)

Anonymous Coward | about 3 years ago | (#36654144)

Hi, my name is 'Randall' ; DROP TABLE accounts ; -- and I think I broke something.

Re:Hulu's problem (1)

sunfly (1248694) | about 3 years ago | (#36653408)

Your dead wrong. Facebook's user data was exposed, it does not matter who wrote the damn code, it is facebooks fault. Running a major site comes with real responsibilities.

Re:Hulu's problem (2)

DavidD_CA (750156) | about 3 years ago | (#36654602)

It was Hulu's data that was exposed to the wrong Hulu users, not Facebook data.

This was made clear in the first paragraph of TFA.

So how is that Facebook's fault? Hate much?

Facebook's = implemented in JAVA right? (-1)

Anonymous Coward | about 3 years ago | (#36653934)

Mostly, correct? I ask that, because I can filter JAVA applets via my router (LinkSys/CISCO unit BEFSX41 NAT & true stateful packet inspecting model), & when I set that option? I can't even SEE what's on a facebook page... & this pertains to security too, read on:

* NOW, if I am "off/wrong" here, please correct me on it, but... it seems that my router tells me I am correct!

APK

P.S.=> Oh, & "Where are my Manners": Thanks in Advance for the information, because IF that's the case?

SECURITY-WISE - Then, fundamentally, due to JAVA problems in security issues that remain unpatched shown here??

http://secunia.com/advisories/43262/ [secunia.com]

(iirc, 21 of them still... could have changed, they list JAVA like they do MacOS X stuff - no vulns count! I hate that...)

Then, by default, it's possible Facebook's got "security-issues" right from the 'get-go', & @ the root of things, in the language it's implemented in!

(Don't get me wrong, I LIKE JAVA & code in it @ times (except for its file access routines, they're weird imo))

So "all that said & aside"? Well - I am just curious here mainly to see if my "theory" is right or not, on IF Facebook's mostly JAVA implementation...

... apk

Re:Facebook's = implemented in JAVA right? (0)

Anonymous Coward | about 3 years ago | (#36656002)

No, Facebook is not Java at all. Facebook runs fine if you do not even have Java installed on the machine, or do not have permissions to run Java. If it doesn't run when you select that option, I suspect your router is filtering more than just Java applets.

Thanks for your time in answering... (0)

Anonymous Coward | about 3 years ago | (#36656462)

My router has security options for for filtering the following:

---

1.) Filter JAVA applets

2.) Filter Cookies

3.) Filter Proxy

4.) Filter ActiveX

---

* The strange part is, that when I turn off #1 from the enumerated list above? I can then see the entirety of Facebook pages... but, only then!

(Hence, my "hypothesis/theory"... I take it on faith you're correct here though - I will have to look deeper into this than that (e.g. -> Look @ the page's HTML & such, perhaps do some reading about FaceBook etc./et al, rather than "making assumptions" here on my end))

APK

P.S.=> Again: Thank you for your time in answering though! NOW, I am truly, "genuinely curious" & I will "get to the bottom of this" tonite - because it surely looked the way I guessed it was based solely on that though...

... apk

Re:Hulu's problem (1)

greentshirt (1308037) | about 3 years ago | (#36654304)

I'm not a software engineer but should any bad coding on Hulu's side be able to expose user data from a non-authenticated user? It seems that allowing "bad coding" to display personal information from some presumably secure location on FB's database is a serious security flaw with their API. What stops shady-individual-a from incorporating Facebook Connect into their site and engaging in "bad coding"?

Re:Hulu's problem (1)

Stupendoussteve (891822) | about 3 years ago | (#36656018)

I think you misread.

This bad coding on Hulu's side exposed user data for other Hulu users, it did nothing bad to Facebook users. You could compare it to Dropbox's mess-up when they allowed you to authenticate with any password.

There is no motive to make this mistake on purpose, because it would give access on your site, it would not affect anyone's Facebook account.

Title (-1, Offtopic)

NoobixCube (1133473) | about 3 years ago | (#36650030)

Okay, I know subscribers see articles from the future, with red headings, and they can disable ads. I get both of these and I'm not a subscriber. I'm not complaining, just wondering why.

Re:Title (2, Informative)

GNUALMAFUERTE (697061) | about 3 years ago | (#36650042)

Because you have good karma and contribute enough to slashdot. It's a gift.

Re:Title (1)

NoobixCube (1133473) | about 3 years ago | (#36650090)

Ah. All I do is post polarizing inflamatory crap (usually because I legitimately AM one of the extremists that lends legitimacy to the middle ground) about stuff I have very little expertise in and I always get modded +5 Insightful! Not to say I troll, per se, I just don't pretend to be mindful and consciencious of others' belifs and sensibilities. I'm just your average internet egomaniac! :D

Re:Title (0)

Anonymous Coward | about 3 years ago | (#36650156)

Did your girlfriend type that? You're supposed to think that you're infallible and incredibly awesome, never capable of being wrong.

Re:Title (0)

Anonymous Coward | about 3 years ago | (#36650418)

I don't know where to begin. One could first argue that Slashdotters have no girlfriends, and therefore no girlfriend could have typed that. On the other hand, one could also argue that women don't read Slashdot, only lonely men and FBI agents posing as women. The order of these arguments matters, because this is Slashdot, and one of the rules is that you have to put in second place the stronger argument that makes your first argument a pointless waste of keystrokes.

Wait, this is Slashdot—am I being trolled?

Re:Title (1)

Lehk228 (705449) | about 3 years ago | (#36650192)

would you expect a boring and conciliatory centrist to generate enough interest to get voted up?

Re:Title (1)

twidarkling (1537077) | about 3 years ago | (#36650274)

No, but I've found a lot of people who do nothing but voice the popular sentiment to get modded "Informative" or "Insightful," when it's quite plainly neither - especially when it's the third or fourth time it's been said.

Re:Title (0)

Anonymous Coward | about 3 years ago | (#36650108)

Do you always get the red headlines? I do every once in a while and I've never subscribed. I'm also able to diable ads. Didn't even realize that was a subscriber thing.

The title should be (5, Insightful)

cranil (1983560) | about 3 years ago | (#36650040)

"Hulu exposes user data on Facebook Connect"

Re:The title should be (1)

michiko (2270072) | about 3 years ago | (#36650386)

"Excuse-me.!!! what is 'HULU' & what can i use for writing their information" ???

Re:The title should be (1)

kakarote (2294232) | about 3 years ago | (#36650406)

u can use this for writing thesis their information http://is.gd/orthr1 [is.gd]

Ahh that old bug (2, Insightful)

Anonymous Coward | about 3 years ago | (#36650048)

The good old static variables (or class variables in a singleton) causing a network application to leak data between sessions.
Doesn't generally show up in most testing as that's generally done by one tester at a time.
Relatively innocent to do and relatively major crap-storm that follows because one programmer accidentally used the wrong variable scope for probably 1 or a few variables.

Re:Ahh that old bug (0)

Anonymous Coward | about 3 years ago | (#36650122)

So, if it's that easy ... misuse variables of said API ... isn't this 'gold mine' for crackers and other such creatins?
- waiting for script kiddie - edition of said API ...

Re:Ahh that old bug (4, Interesting)

JWSmythe (446288) | about 3 years ago | (#36650196)

    I had a friend who had a problem just like that. What had happened in that case was this... Each user was given a session cookie, using functionality included with the language (an older version of ColdFusion). The cookies were a pseudo random number. It was all fine and dandy with just a few users on, there was very little chance of collision.

    When it was introduced to the real world, you didn't just have one or two people on, you had thousands of simultaneous users. Beyond that, the sessions had a relatively long TTL (a few hours, if I remember right).

    Well, User A logs in, does their stuff, and then leaves. No problem. They could have even hit the logout button, but CF didn't properly ditch the session. When User X (someone down the line) came in, they were issued the *same* session cookie. It didn't validate anything. It didn't care what your IP, username, or anything were. So when they reached part of the site dependent on the session cookies, their credentials tied in with User A's session, not theirs.

    Needless to say, the users were not entertained.

    Beyond that, I demonstrated that with a little bit of cookie manipulation, you could access any account that was recently active. I did it with just changing a few things to arbitrary values, and accessed someone else's account. I then had *them* go to the site and log in. They then read me off their cookie information, and I modified my cookie to match. Voila, I'm them.

    They weren't very happy. There was a period of about 10 minutes, where there was some colorful language used. They finally went to work writing their own cookie routine, so they wouldn't have the risk of these collisions any more.

    With the load that Facebook can throw at a site, I'm sure there's a huge risk of collisions. Not ever user would have the luxury, but enough would to make it an issue. Someone should have seen it coming and dealt with it, but obviously it wasn't handled properly.

   

Re:Ahh that old bug (1)

RoFLKOPTr (1294290) | about 3 years ago | (#36650250)

Who in their right mind would use a random string as the sole means of session validation without even checking to make sure that string isn't already in use after its generated?

Of course, aside from the fact that it shouldn't be your sole means of session validation regardless of collision checks, but still.

Re:Ahh that old bug (0)

Anonymous Coward | about 3 years ago | (#36650272)

Citi... not even random ... just the 'string'

Re:Ahh that old bug (1)

JWSmythe (446288) | about 3 years ago | (#36650526)

    Ya... Trust me, I agree totally, and my comments were along the lines of "What kind of idiot wouldn't check to see if the session ID was already in use", and "how can you trust *that* as your validation.

    For me, validation is positive validation. It may be browser based (like .htaccess style), a cookie with a hash of some known data (user:pass:timestamp), or a big encrypted cookie with user, pass, IP, user agent, etc. I'm a firm believer, if I need to block someone from an authenticated area, the very next click should fail. It shouldn't trust that "oh his session was good for 6 hours", and then wait patiently for the cookie to expire before re-authenticating him again.

    As I recall, the site I mentioned was a hand-me-down. Someone else did it and disappeared. When they went live with it, that's when all hell broke loose. Of course, I was the 3rd level of hand-me-down, where I was trying to fix problems based on the 2nd person, regarding stupid errors the 1st person made.

    Session cookies may have legitimate uses, and I've used them once or twice in the past, but..... They generally aren't scalable across multiple servers in multiple datacenters, and that's what my programming target is. It may be on one server right now, but if it becomes something big, it'd damned well better be able to scale out to it. I'm a big fan of redundant hosting across multiple geographic locations on multiple providers. You never know where the outage is going to be, so it's best (for the end user) that it doesn't matter, even if there's a regional blackout [wikipedia.org] . And yes, one of my server farms was in that, so we ran happily off of 2 other ones. We could the impact in sales and bandwidth, where a good number of users simply couldn't get online. There isn't much you can do about that though. :)

Facebook as an "Identification Badge" (4, Insightful)

raving griff (1157645) | about 3 years ago | (#36650050)

This is why it worries me that Facebook is increasingly becoming a sort of ID badge for the internet--many blogs, for example, now support Facebook Connect as the primary (or only!) way to comment; social networking games (even ones living outside of Facebook) urge or even force users to connect their accounts, etc.

What control do I retain over my own information? For some sites, sure, it's useful to be able to authenticate my login info with one click (assuming my Facebook is logged in) and it's nice to have a populated friends list for applications such as online games so I know who I can play with, but for some sites (Hulu included), I don't want to give my name, profile picture, and friends list up.

I use a different, strong password for all of my accounts online, so a website I visit being compromised by hackers doesn't concern me much, but if a flaw in implementation of the Facebook Connect API can leak any information that Facebook gives them out to other people (and potentially out to hackers), I could be facing some serious issues.

A name and friend list forms a unique thumbprint for my identity that can contribute to identity theft. Hell, I have even seen Facebook hacks that clone your profile and friend your entire friends list--sort of the reverse of having your profile hacked and having to create a new one.

Bottom line: Facebook has information that I barely trust Facebook to handle, much less other websites, and the use of the Facebook Connect API by a site can have dangerous consequences for its users.

Re:Facebook as an "Identification Badge" (3, Insightful)

GrumblyStuff (870046) | about 3 years ago | (#36650064)

Don't worry. Google+ will take care of everything.

(I jest but it would be unwise to ignore the lessons of current predicaments.)

Re:Facebook as an "Identification Badge" (1)

Anonymous Coward | about 3 years ago | (#36650180)

Not that I think Google+ is going to succeed, but isn't Google an OpenID provider? Relying directly on Google accounts for 3rd-party authentication would just be plain wrong.

Re:Facebook as an "Identification Badge" (3, Insightful)

Anonymous Coward | about 3 years ago | (#36650200)

Not that I think Google+ is going to succeed, but isn't Google an OpenID provider?

So is facebook.

I would prefer that both were also OpenID consumers (or whatever the heck that is called these days) instead.

Re:Facebook as an "Identification Badge" (0)

Anonymous Coward | about 3 years ago | (#36650300)

Are websites like described in the OP message normally using Facebook's OpenID auth, or is it some other proprietary method? Does Facebook Connect support OpenID?

I guess my question is: does Facebook mandate OpenID, or is it there for compatibility purposes only?

If Google forced OpenID login for 3rd parties, then using a Google+ account for website login might not be so bad.

Re:Facebook as an "Identification Badge" (1)

Stupendoussteve (891822) | about 3 years ago | (#36656048)

Facebook does act as an OpenID consumer, you can login with OpenID. It is not a provider, that I know of. They provide Facebook Connect instead.

Re:Facebook as an "Identification Badge" (2)

cgeys (2240696) | about 3 years ago | (#36650068)

99% time Facebook Connect is offered as an alternative if you don't want to fill the registration form. Sort of like OpenID on Slashdot.

Re:Facebook as an "Identification Badge" (2)

Mashiki (184564) | about 3 years ago | (#36650396)

The GP is correct, that sites are increasingly moving towards facebook as a means and only means to post comments and sign up for things. 2 national newspapers use it as the only means to leave comments for example, it just gets sadder from there when you see other major sites across north america doing the same thing.

Personally my form of protest is simply to stop visiting said site and use a major aggregation/rss feed for news.

Eat shit. (0)

Anonymous Coward | about 3 years ago | (#36650266)

I disagree with your statement.

Re:Facebook as an "Identification Badge" (1)

Anonymous Coward | about 3 years ago | (#36650270)

Some people call this a good thing, like Jeff Attwood [codinghorror.com] .

(I don't agree with him, though).

I hate these one/single accounts! (1)

antdude (79039) | about 3 years ago | (#36650486)

I will never put everything in one basket. I don't even have a Facebook account since they kicked me off for fake/false datas.

Re:Facebook as an "Identification Badge" (0)

Anonymous Coward | about 3 years ago | (#36650506)

"What control do I retain over my own information?"

Here's a news flash for you, chum :

If you join Facebook, you have CHOSEN not to retain control of your own information.

It's comical that you are spouting off BS about APIs etc. when the fundamental flaw
in the system is the idiot you see in the mirror when you brush your teeth. You're a
perfect example of an educated fool.

Re:Facebook as an "Identification Badge" (0)

nairbv (596536) | about 3 years ago | (#36650740)

I realize many feel this way, but this sentiment isn't well founded. Facebook is much more secure than your other user/pass auth mechanisms.

You're worried about facebook being a "skeleton key" of the internet. The fact is, if I could hack into your email account I could just go to almost every website you use and re-set your password. You would have little recourse even after you changed your email password. At least with facebook, if someone gets into your account you can verify your identity by identifying friends in pictures, among other mechanisms facebook has implemented, before having a new password sent to your primary email.... and if I think my facebook/google/openID/whatever password has somehow been compromised, I can re-set it in one (or a few) place(s) instead of 100 places. They've really done a very good job with this stuff.

The flaw described here wasn't a flaw in the implementation of Facebook Connect. What happened with Hulu is not any less likely to happen with a user/password implementation. They just mixed up the relationship between userID's and data in their own database (or something to that effect).

Regarding control of data, ... when you use Facebook Connect, the website has to request permission to any data of yours it wants to receive. For most blogs/forums/etc, it shouldn't need anything except "basic information" (name, gender, and unfortunately friend list but maybe you can make that private). If it asks for more hit "refuse" and choose one of the OpenID options. If you login with google's open ID they don't even get your name or google ID... they basically get no identifying information at all whatsoever.

You say you use a strong password for all websites, but where do you store all those passwords? In your browser, viewable by anyone who uses your computer for a few minutes, and which can't easily be shared with other computers (work/home) or onto your phone (my blackberry certainly doesn't)? Or do you store your passwords in lastpass, which has already once accidentally leaked its user data (sure the leaked data was encrypted, but it can be brute forced)? There really isn't an easy answer, and these openID/oauth mechanisms are both really nice and far more secure than existing u/p methods. I wish more websites would start offering them.

I made a simple webpage (pilotpad.com) to try out single-signon mechanisms. What I learned encouraged me that it really is more secure... but even close friends were afraid of what my site would do to them if they clicked that frightening "connect with facebook" button... in practice, sites that want to acquire users still need to support user/pass type auth for the time being, but I really hope this will change.

Re:Facebook as an "Identification Badge" (0)

Anonymous Coward | about 3 years ago | (#36656106)

I am not a fan of Facebook Connect specifically because I don't necessarily want everything I do online to be linked directly to my identity or even first and last name.

Also, most every site I have seen asks for much more than basic information. They all want to be able to post on my wall "even after logging out" and other shenanigans.

Re:Fuckbook as an "Identification Badge" (1)

aaaaaaargh! (1150173) | about 3 years ago | (#36650824)

While I don't use FB for the reasons you lay out, I think the situation is not yet as bad as you portray it. I've canceled my Fuckbook account years ago and have no troubles logging into any web forums, etc.

I'd be generally more worried about the general tendency to regulate the Internet and turn it into an interactive TV network. The big companies certainly want that, as long as they get their share of the cake, and many governments nowadays seem to be sympathetic to the idea. This "vision" of the future of the Net is mainly enforced by "intellectual property" laws, primarily by software patents. As long as you do not have success with a new idea on the Net you won't have any problem. However, when Fuckbook, Foogle, Bad Apple, Micro$oft, etc. see some potential in your technology, they will likely (if you refuse their "friendly offers") sue you into oblivion for having served structured documents from a remote server or using windows with round edges.

Get rid of software patents and Fuckbook et. al. will only ever be a problem for their users.

Re:Facebook as an "Identification Badge" (0)

Anonymous Coward | about 3 years ago | (#36651634)

doesn't matter which service you would have used for the id when the id's were improperly matched to content on HULU'S SIDE.

Re:Facebook as an "Identification Badge" (0)

DavidD_CA (750156) | about 3 years ago | (#36654892)

It was Hulu's data that was exposed to the wrong Hulu users, not Facebook data.

This was made clear in the first paragraph of TFA.

Oh Yeah (1)

Greyfox (87712) | about 3 years ago | (#36650354)

Saw something like that a while back at another company. Their auth code was essentially all static. Worked great for one user. I wonder if it was the same sort of problem. That'd be pretty funny. Whenever I see users getting other users' credentials, that's immediately what I think now.

That explains the name (0)

Anonymous Coward | about 3 years ago | (#36650374)

"More specifically, some users weren't seeing their own Hulu account information upon login, but someone else's.""

Now we know why it was code named "Russian Roulette".

Why? (1)

Arancaytar (966377) | about 3 years ago | (#36650560)

This sort of thing rarely happens when people are coding for free. Check for security advisories in web frameworks like Drupal, WordPress or Joomla; they're usually about things breaking under comically unlikely circumstances. These companies have the money to pay people for testing and QA; shouldn't they reach at least the quality level of FOSS?

Re:Why? (2)

Richard_at_work (517087) | about 3 years ago | (#36651166)

Excuse me? Wordpress is a security joke, not an example to be held aloft.

Re:Why? (1)

archen (447353) | about 3 years ago | (#36652354)

Open source projects rarely have a deadline, have to come up with some minimal level of results, among many other sources of pressure that end up reducing the quality of code (assuming programmers on the same skill level).

treasure (0)

lucky33 (2338478) | about 3 years ago | (#36651614)

I say: the boundless years,evening dresses on sale [onlyweddingdress4u.com] you are in my heart wedding dresses online shop [onlyweddingdress4u.com] . The night the mist cleared,cheap cocktail dressess [onlyweddingdress4u.com] in my mind only you in the shadow of the wandering. I say: TuiJin cheap prom gowns [onlyweddingdress4u.com] , I still wireless on the other shore protect you cheap evening dress [onlyweddingdress4u.com] . First month circle,wholesale evening dresses [onlyweddingdress4u.com] and saw a full moon. The stars of the mysterious appearance more let us close cheap uk wedding dresses [onlyweddingdress4u.com] . A for the future is like the stars as far as the haze still want to reality? I pointed to a star in the sky designer wedding gown [onlyweddingdress4u.com] , after you left,designer wedding dresses [onlyweddingdress4u.com] that is me. Can still with you cheap designer dresses [onlyweddingdress4u.com] . I say: if you have not back, I also did not go prom dresses on sale [onlyweddingdress4u.com] . Filar silk drizzle,cheap prom dresses 2011 [onlyweddingdress4u.com] wet my heart can my mood,beach wedding dresses [onlyweddingdress4u.com] because you clear. Red is the flame of youth, but it red my confusion, let me put the fire of youth point. Green is the life flap about discount evening dresses [onlyweddingdress4u.com] , but it green my sadness, let me put the beautiful treasure. Blue is the dream of the symphony, but it blue my sadness,discount wedding gowns [onlyweddingdress4u.com] let my dreams with romance to think about. Life is a bridge of friendship, but it is carrying the quality of friendship,cheap plus size wedding dresses [onlyweddingdress4u.com] from now on a many blessings and meet her.

Facebook privacy snafu? (0)

Anonymous Coward | about 3 years ago | (#36653350)

I don't care who's fault it was. I use facebook to find old friends.... then email them.

The important part of TFA... (0)

Anonymous Coward | about 3 years ago | (#36654034)

appears in the last paragraph.
"The social experience on Hulu is being funded by two of the company’s partners: Coors Light and Microsoft. Interestingly, the latter is using its Bing brand to provide a free one month Hulu Plus subscription to users who make the decision to “go social” by signing up for Facebook on Hulu. Microsoft and Facebook have been long-time partners since October 2007. "

Microsoft + Facebook....what could POSSIBLY go wrong?

Misleading title (0)

Anonymous Coward | about 3 years ago | (#36655662)

Please fix the misleading title.

Human (0)

Anonymous Coward | about 3 years ago | (#36657966)

Although I agree FB has way to much info and power with the connect api, I would like to say, we are still human and we humans can make mistakes. The point is that Hulu shut it down real fast. I have so many PWs in my head running a computer shop with in house network. I can see a very simple and dumb mistake like this but they saw it and stopped it. That's the point here. Now, I just go back to lurking... Someday, Google+ will kill we all hope
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...