http://technology.timesonline.co.uk/tol/news/tech_and_web/article3617360.ece By Jonathan Richards Times Online March 25, 2008 A security lapse on Facebook has allowed its users to gain access to vast libraries of private photographs, including one of Paris Hilton drinking beer with her friends. A Canadian hacker exploited a recent upgrade to the networking site's privacy settings to view pictures that were intended to be private, including some of Paris Hilton partying with her brother, Barron Nicholas, at the recent Emmy awards. Facebook was told about the problem yesterday afternoon, and said it had since fixed the bug. Byron Ng, a computer technician from Vancouver, began looking for flaws in the site's security after an upgrade last week purportedly gave Facebook's 40 million users greater control over the way they shared material such as photographs with their friends. Mr Ng found that he was able to pull up recent pictures posted by Facebook users, even if the owners intended them only to be seen by a select group of friends. In a subsequent test, the Associated Press reported [1] that it was able to access several private albums, including one posted by Mark Zuckerberg, Facebook's founder, in November 2005. The breach comes on the same day that children's charities urged ministers to ban companies from trawling websites such as Facebook to gain access about potential employees, in a process known as "digital dirt-digging". Record numbers of people are posting intimate details about their lives online, despite warnings from privacy campaigners that photographs are extremely difficult to erase once uploaded to the internet. The Information Commissioner's Office recently reiterated its warning [2] about the risk of posting details on social networking sites after a study found that the amount of information stored about us on the web will grow by a factor of ten between now and 2011. In a statement acknowledging the security flaw, a Facebook spokesman said: "We take privacy very seriously and continue to make enhancements to the site. In June last year, Facebook was forced [3] to update its privacy settings after it was revealed that certain information about users - such as their sexual preference and religious beliefs - could be ascertained by searching the site. [1] http://ap.google.com/article/ALeqM5ijANq3fmx9AZNNrf7Q1PwCN1cKUAD8VK51UG1 [2] http://technology.timesonline.co.uk/tol/news/tech_and_web/article3529108.ece [3] http://technology.timesonline.co.uk/tol/news/tech_and_web/article2005618.ece ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Mar 25 2008 - 22:20:39 PST