The Tip of the Facebook Exploit Iceberg
maximumpc.com — Remember the Paris Hilton exposure? This describes in great detail the security and privacy issues with Facebook.
- 847 diggs
- havshaj, on 03/27/2008, -5/+6: it really was way more fun when these exploits still worked but they've been fixed for quite some time now.
- putergirl, on 03/27/2008, -2/+6: worked fine for me when I tested it a few hours ago :) Try it
- Drakh, on 03/27/2008, -0/+9: doesn't work at all anymore -- it was fixed, thanks to that stupid AP story that blew it all over the place. Prior to that--as in a few days ago--the exploit worked perfectly.
- havshaj, on 03/27/2008, -0/+5: you're right! so they've only fixed it partially then as the other exploits that i've tried don't work anymore. but this does. :)
- havshaj, on 03/27/2008, -0/+7: seems like it only works if you are friends with subj=[ID].
- havshaj, on 03/27/2008, -1/+17: since you have to be friends with subj=[ID] for the exploit to work you might as well go directly to a friend's profile, select "view photos of (friend)" and click on an "added by others" photo. make sure it's added by someone you aren't friends with. then click "next" or "previous" to step between the photos and you will notice that the url changes and gets a number sign (#) with a pid= afterwards. delete all the characters between the question mark (?) and the new pid= (including the number sign #) and voila! you now have access to a photo album of someone you aren't friends with.
- evanfp, on 03/27/2008, -0/+2: awesome! now...let's not ***** this one up guys. keep it on the d/l for christ sakes. and whatever you do, don't tell that byron *****
- xtremesniper, on 03/27/2008, -0/+1: havshaj, unless I did it wrong, it doesn't work anymore.
- havshaj, on 03/27/2008, -0/+2: still works, not saying that anyone should try it though
- magaliiiii, on 03/27/2008, -1/+8: Well good, now I can keep tabs on the sketchy private gifts my boy-thing has been handing out...
- sgtcaboose, on 03/27/2008, -1/+25: *deletes nude photos*
- n3demonic, on 03/27/2008, -0/+10: Too late, I've already saved it and spread it all over the internet.
- endlessoul, on 03/27/2008, -0/+6: Dude, if you put anything on the internet, pictures, ANYthing, then it'll never go away.
Your nude pictures will be forever part of the internet. Congratulations.
- snap326, on 03/27/2008, -11/+2: Nice, Story, Thanks
- Zain123, on 03/27/2008, -2/+3: What's, With, The, Commas, And, Capitalization
- brettz, on 03/27/2008, -10/+5: byron ng is a tool, if it weren't for him reading some blogs and calling the press we'd still be able to use these exploits which have been around for almost 2 months now.
- thetedster180, on 03/27/2008, -1/+6: thx for recycling!
- ralphthemagi, on 03/27/2008, -3/+12: What a waste of time. Just use 10 Minute Mail to create a temp Facebook account with the name of someone already in their friends list and re-friend them. Bam, you're in. By the time they notice, you've already gotten all the information you need.
- d03boy, on 03/27/2008, -0/+3: too much work
- chanop, on 03/27/2008, -27/+2: Vote 4 John McCain!
- Equinox1, on 03/27/2008, -0/+45: "Remember the Paris Hilton exposure?" I'm pretty sure nobody cares or wants to remember.
- scoresman, on 03/27/2008, -7/+2: Jessie Ventura 08!
- moodley, on 03/27/2008, -0/+32: I've got an idea... how about not posting photos on a social network that you don't want people to see??
- blitzkriegpunk, on 03/27/2008, -0/+9: Not gonna happen because that, good sir, makes too much sense.
- Asheis, on 03/27/2008, -0/+3: Exactly. It's a public vs. private debate. When do you have privacy? If you're out and about, and doing something interesting (example: being nude), you can assume people will pay attention. Don't complain about that attention afterwards.
Why do people post private pictures on the net and then complain of privacy? I have no idea, but they don't have the right to bitch about it.
- ace144, on 03/27/2008, -1/+0: hey, it's not my fault if someone takes a picture of me at 2:30 in the morning. I say just leave the pictures up.
- Maver1c, on 03/27/2008, -0/+1: I agree, although I think a problem may arise when someone posts pictures that you happen to be in without you knowing, which happens all the time for a lot of people who use facebook and other social networks.
- Ragarnok, on 03/27/2008, -0/+3: Seems fixed :O
- linaljohnt, on 03/27/2008, -1/+11: If you think that Facebook is secure enough to host personal information about you that could cause problems then it's your own fault..
- algo, on 03/27/2008, -0/+4: i don't class this as an exploit. it would be an exploit if you could access content for IDs you didn't know. if your account is 100% locked down you would be safe.
- sbohan, on 03/27/2008, -3/+1: Which exposure of Miss Hilton is the OP referring to? :P
- IanPR, on 03/27/2008, -3/+4: Mirror: http://72.14.205.104/search?q=cache:CX22uQO3adoJ:w ...
- Drakh, on 03/27/2008, -0/+2: Original site's back up -- and this mirror is outdated! More exploits in the original.
- IanPR, on 03/27/2008, -0/+1: Damn you google!
Thanks though.
- InThePants, on 03/27/2008, -1/+8: Sweet, I can't wait to see the photos of people I don't know.
- Furkle, on 03/27/2008, -0/+6: with all this talk of the facebook privacy issues just out of curiosity does anyone know how to delete your digg account?
- xsquirrel378x, on 03/27/2008, -0/+5: post CP
- ZigVicious, on 03/27/2008, -3/+2: DO IT FAGGOT!!
- YourScarGrandpa, on 03/27/2008, -0/+4: You can request for your account removal by contacting support@digg.com. Please keep in mind that this action cannot be reversed. Also make sure to email us from the email address associated with your Digg account. If your email address has changed since you created your Digg account, you can change it in the Email Preferences settings in your Profile.
http://digg.com/faq
- mnk0, on 03/27/2008, -6/+0: I think facebook is totally secure, and never had any problems by putting all my personal info on it.
- richbradshaw, on 03/27/2008, -5/+1: http://digg.com/software/Get_all_Facebook_friends_ ...
- herecomes, on 03/27/2008, -2/+0: I'll start worrying about this as soon as I'm stupid enough to put any actual personal information on *****.
- Ender008, on 03/27/2008, -0/+1: Wow. Aren't you creative?
- herecomes, on 03/27/2008, -0/+1: This is digg. Anything even remotely creative or witty would be wasted here.
- Jack9, on 03/27/2008, -2/+2: All they have to do is add a reversible cipher to UIDs. Change it irregularly and voila, problem solved. Article writer is a ignorant and this is completely uninteresting.
- 4d669, on 03/28/2008, -0/+1: Phishing on Facebook is just as easy as phishing Myspace. Anonymous phished +700,000 Myspace accounts in a day, they could easily do the same with Facebook and there is no fix in sight.
