digg

Facebook Connect Join Digg About

The Tip of the Facebook Exploit Iceberg

maximumpc.com Remember the Paris Hilton exposure? This describes in great detail the security and privacy issues with Facebook.

Who dugg this? Made popular Mar 27, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

60 Comments

show profanity settings
expand all
  • Equinox1, on 03/27/2008, -0/+45"Remember the Paris Hilton exposure?" I'm pretty sure nobody cares or wants to remember.
  • moodley, on 03/27/2008, -0/+32I've got an idea... how about not posting photos on a social network that you don't want people to see??
  • sgtcaboose, on 03/27/2008, -1/+25*deletes nude photos*
  • havshaj, on 03/27/2008, -1/+18since you have to be friends with subj=[ID] for the exploit to work you might as well
    go directly a friends profile, select "view photos of (friend)" and click on a "added by others"
    photo. make sure it's added by someone you aren't friends with. then click "next" or "previous" to
    step between the photos and you will notice that the url changes
    and gets a number sign (#) with a pid= afterwords. delete all the characters between the question mark (?)
    and the new pid= (including the number sign #) and voila! you now have access to a photo album of someone
    you aren't friends with.
  • linaljohnt, on 03/27/2008, -1/+12If you think that Facebook is secure enough to host personal information about you that could cause problems then it's your own fault..
  • n3demonic, on 03/27/2008, -0/+10Too late, I've already saved it and spread it all over the internet.
  • ralphthemagi, on 03/27/2008, -3/+13What a waste of time. Just use 10 Minute Mail to create a temp Facebook account with the name of someone already in their friends list and re-friend them. Bam, you're in. By the time they notice, you've already gotten all the information you need.
  • blitzkriegpunk, on 03/27/2008, -0/+9Not gonna happen because that, good sir, makes too much sense.
  • Drakh, on 03/27/2008, -0/+9doesn't work at all anymore -- it was fixed, thanks to that stupid AP story that blew it all over the place. Prior to that--as in a few days ago--the exploit worked perfectly.
  • InThePants, on 03/27/2008, -1/+9Sweet, I can't wait to see the photos of people I don't know.
  • magaliiiii, on 03/27/2008, -1/+8Well good, now I can keep tabs on the sketchy private gifts my boy-thing has been handing out...
  • havshaj, on 03/27/2008, -0/+7seems like it only works if you are friends with subj=[ID].
  • endlessoul, on 03/27/2008, -0/+6Dude, if you put anything on the internet, pictures, ANYthing, then it'll never go away.

    Your nude pictures will be forever part of the internet. Congratulations.
  • Furkle, on 03/27/2008, -0/+6with all this talk of the facebook privacy issues just out of curiosity does anyone know how to delete your digg account?
  • havshaj, on 03/27/2008, -0/+5you're right! so they've only fixed it partially then as the other exploits that i've tried don't work anymore.but this does. :)
  • inactive, on 03/27/2008, -0/+5post CP
  • natenovs, on 03/27/2008, -1/+6i just dont put my "most personal" information on my facebook
  • thetedster180, on 03/27/2008, -1/+6thx for recycling!
  • AlienClown, on 03/27/2008, -0/+4but ... friends!
  • inactive, on 03/27/2008, -0/+4i don't class this as an exploit. it would be an exploit if you could access content for IDs you didn't know. if your account is 100% locked down you would be safe.
  • YourScarGrandpa, on 03/27/2008, -0/+4You can request for your account removal by contacting support@digg.com. Please keep in mind that this action cannot be reversed. Also make sure to email us from the email address associated with your Digg account. If your email address has changed since you created your Digg account, you can change it in the Email Preferences settings in your Profile.

    http://digg.com/faq
  • putergirl, on 03/27/2008, -2/+6worked fine for me when I tested it a few hours ago :) Try it
  • Asheis, on 03/27/2008, -0/+3Exactly. It's a public vs. private debate. When do you have privacy? If you're out and about, and doing something interesting (example: being nude), you can assume people will pay attention. Don't complain about that attention afterwards.

    Why do people post private pictures on the net and then complain of privacy? I have no idea, but they don't have the right to bitch about it.
  • Ragarnok, on 03/27/2008, -0/+3Seems fixed :O
  • d03boy, on 03/27/2008, -0/+3too much work
  • MiDri, on 03/27/2008, -2/+4God forbid you do something you are not supposed to and it gets photographed and put on the site! Don't do ***** you don't want people to see in front of a ***** camera.
  • Drakh, on 03/27/2008, -0/+2Original site's back up -- and this mirror is outdated! More exploits in the original.
  • evanfp, on 03/27/2008, -0/+2awesome! now...let's not ***** this one up guys. keep it on the d/l for christ sakes. and whatever you do, dont tell that byron *****
  • richbradshaw, on 03/27/2008, -0/+2Why does noone care - it's a pretty massive story!
  • NinjaBoy, on 03/27/2008, -0/+2I don't give a *****. The most personal information out there is that im 21 and goto bars from time to time. If any one out there thinks a 21 year old in a collage town ain't going to party, they need to get a grip on reality.
  • havshaj, on 03/27/2008, -0/+2still works, not saying that anyone should try it though
  • Maver1c, on 03/27/2008, -0/+1I agree, although I think a problem may arise when someone posts pictures that you happen to be in without you knowing, which happens all the time for a lot of people who use facebook and other social networks.
  • IanPR, on 03/27/2008, -0/+1Damn you google!
    Thanks though.
  • herecomes, on 03/27/2008, -0/+1This is digg. Anything even remotely creative or witty would be wasted here.
  • 4d669, on 03/28/2008, -0/+1Phishing on Facebook is just as easy as phishing Myspace. Anonymous phised +700,000 Myspace accounts in a day, they could easily do the same with Facebook and there is no fix in sight.
  • iFrikkenR, on 03/28/2008, -0/+1Captain Planet
  • IanPR, on 03/27/2008, -3/+4Mirror: http://72.14.205.104/search?q=cache:CX22uQO3adoJ:w ...
  • havshaj, on 03/27/2008, -5/+6it really was way more fun when these exploits still worked but they've been fixed for quite some time now.
  • inactive, on 03/27/2008, -0/+1http://www.imdb.com/name/nm0001772/
  • Zain123, on 03/27/2008, -2/+3What's, With, The, Commas, And, Capitalization
  • Ender008, on 03/27/2008, -0/+1Wow. Aren't you creative?
  • xtremesniper, on 03/27/2008, -0/+1havshaj, unless I did it wrong, it doesn't work anymore.
  • Jack9, on 03/27/2008, -2/+2All they have to do is add a reversible cipher to UIDs. Change it irregularly and viola, problem solved. Article writer is a ignorant and this is completely uninteresting.
  • hungryhungryhan, on 01/23/2009, -0/+0Call someone and whine about it..sheesh. The internet is not safe.
    http://www.cellphones888.com
  • ZigVicious, on 03/27/2008, -3/+2DO IT *****!!
  • ace144, on 03/27/2008, -1/+0hey, it's not my fault if someone takes a picture of me at 2:30 in the morning. I say just leave the pictures up.
  • sbohan, on 03/27/2008, -3/+1Which exposure of Miss Hilton is the OP referring to? :P
  • herecomes, on 03/27/2008, -2/+0I'll start worrying about this as soon as I'm stupid enough to put any actual personal information on *****.
  • richbradshaw, on 03/27/2008, -5/+1http://digg.com/software/Get_all_Facebook_friends_ ...
  • Fetching more discussions...
    Show 51 - 55 of 55 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.