Facebook Security

Face­book is start­ing to show more kinks in their armor. There have always been secu­rity issues with Face­book beyond the sex preda­tors. That secu­rity is a user cho­sen action “Block­ing a Per­son”, and is what I wish to discuss.

What hap­pens when you block some­one on Face­book? In the­ory this means that you will no longer see that per­son on Face­book in any shape form or fash­ion. You won’t know if that per­son wrote on the wall of a mutual friend, is even the friend of some­one, you won’t even find that per­son on a search of Face­book. This has almost always been true, how­ever there are flaws in the sys­tem as there are in every secu­rity sys­tem. I per­son­ally have sev­eral peo­ple blocked on Face­book due to per­sonal rea­sons that don’t mat­ter to this con­ver­sa­tion. I have been able to both find these peo­ple and access their pro­files even though I shouldn’t be able to. I won’t go into how to able to do this, for two rea­sons, A — it’s extremely tedious and tech­ni­cal, and B — Face­book changes the sys­tem often enough that it has to be done a dif­fer­ent way every time. How­ever that isn’t the point of this, instead I want to focus on some­thing else and much more direct and eas­ier access — exter­nal applications.

Exter­nal appli­ca­tions have become the new talk of Face­book and are open­ing up a whole new flood gate of prob­lems. Face­book has all kinds of dif­fer­ent appli­ca­tions that allow you to add value onto the cur­rent ecosys­tem how­ever you desire. One app, which I per­son­ally do not have installed, is called Top Friends. Much like MySpace’s Top Friends, you pick your “Top Friends” and dis­play them on your pro­file page. I was informed that I was placed into the Top Friends chart of a friend, being inter­ested I clicked and took a look at the page and saw who else was listed that I knew. Curi­ously one per­son a name wasn’t dis­played and nei­ther was a pro­file photo. I was won­der­ing who it was so I clicked on the pro­file photo but it took me back to said friend’s pro­file page. Ok, well Top Friends also allows you do a cou­ple other things through Face­book and com­pan­ion apps — Super Poke, Mes­sage, and Write on Fun Wall. So I tried mes­sage as I do not have Super Poke or Fun Wall installed. Guess what I was taken to, a page where I could mes­sage a per­son who was sup­posed to be blocked to me on Face­book. I didn’t test this to see if I actu­ally could mes­sage them as it would defeat the whole pur­pose of the actu­ally being blocked, but since I was at this stage I see no rea­son why I wouldn’t be able to com­mu­ni­cate with this person.

This in my opin­ion is a sim­ple and easy secu­rity flaw that any aver­age per­son would be able to exploit. And this merely demon­strates prob­a­bly a whole host of secu­rity con­cerns that the exter­nal appli­ca­tions are adding to Face­book. My desire isn’t to see Face­book dis­ap­pear or to encour­age peo­ple to harass peo­ple who they have blocked or are blocked by, but rather to draw atten­tion to a hole in Facebook’s armor.

jtyost2

Pow­ered by ScribeFire.

August 1, 2007 – 8:08 pm | By Justin Yost | Posted in Security, Technology | | Short Link http://www.yostivanich.com?p=60 Comments (2) |

Comments are disabled for this post