While I am on Facebook, primarily to keep abreast of my daughter’s dance happenings and also to share my blog posts with family and friends, I tend to keep the site at arm’s length. I’ve never been completely convinced of its security assurances. And now that its creator, Mark Zuckerberg, has had his privacy invaded I’m even more skeptical of their claims.
I’m sure the hundreds of millions who are on Facebook will turn a deaf ear and a blind eye, because they’re certain their privacy will never be breached. It’s like the accident that always happens to somebody else, or the crime that occurs somewhere else…and never to us…or in our community.
I believe that “forewarned is forearmed,” so I’ve reprinted the Wall Street Journal’s article…
Facebook Flaw Exposes Its CEO
by John Letzing
A security vulnerability in Facebook Inc.’s social-networking site exposed by some users sent the company scrambling for a fix after Chief Executive Mark Zuckerberg’s private photos were published online.
In a Nov. 27 post on the Web forum Bodybuilding.com, an anonymous writer listed step-by-step instructions on how to access photos uploaded by other Facebook members, even if the images had been marked as private.
The process involved a Facebook feature that lets users identify pornographic or inappropriate images on the site. The forum post showed that by flagging another user’s profile, one Facebook member was able to gain access to the other’s private images. A blogger on Tuesday reported on the security flaw, and used it to publish a photo from Mr. Zuckerberg’s private collection. Others then used the flaw to publish further photos from Mr. Zuckerberg’s private collection, including images of the Facebook CEO preparing food in a kitchen and distributing candy to Halloween trick-or-treaters.
It wasn’t immediately clear how long the Facebook security flaw was available on the Web, or how many of the site’s more than 800 million users were affected. But the company attributed the problem to a recent revision of its software.
In a statement, a Facebook spokesman said the flaw “was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed.”
The anonymous poster responded in an email to a request for comment by saying he discovered the flaw accidentally. “This is simply terrible programming on Facebook’s part,” said the poster, who gave his name only as John P., lists his hometown as Syracuse, N.Y., and says he is “an IT professional.”
Facebook has faced a series of questions about its security and privacy features since it was founded in 2004. The site has rapidly gained popularity, and Facebook is expected to stage an initial public offering of shares next year that could value the company at over $100 billion.
Last month, Facebook announced it had reached a settlement with the U.S. Federal Trade Commission, after the regulator found the company had misled users about the use of their personal information.