[ISN] Researcher hacks Facebook to expose rival's private photographs

From: InfoSec News <alerts_at_private>
Date: Wed, 18 May 2011 03:48:11 -0500 (CDT)

By John E Dunn 
17 May 11

An Australian security researcher has compromised Facebook security in 
the most personal way imaginable, publicly ‘hacking’ private 
photographs posted to the service by the wife of a disliked rival 
security professional.

The declared intention of Christian Heinrich’s session 'For God Your 
Soul... For Me Your Flesh', presented to a reported 20 attendees of the 
Australian Security B-Sides conference, was to expose the weakness of 
Facebook’s privacy settings.

Controversially, the IT contractor chose to prove his point by accessing 
private photographs posted to the social media site by the wife of a man 
he is reported to dislike, HackLabs director Chris Gatford.

Heinrich’s ‘hack’ took seven days and involved guessing the URL of 
private Facebook images stored by Facebook using a separate content 
delivery network (CDN), which in his view represents a major security 
weakness for anyone posting personal data to the site. He was also able 
to hack into the couple’s private images on Flickr.


Received on Wed May 18 2011 - 01:48:11 PDT
