http://technology.timesonline.co.uk/tol/news/tech_and_web/article3617360.ece
By Jonathan Richards
Times Online
March 25, 2008
A security lapse on Facebook has allowed its users to gain access to
vast libraries of private photographs, including one of Paris Hilton
drinking beer with her friends.
A Canadian hacker exploited a recent upgrade to the networking site's
privacy settings to view pictures that were intended to be private,
including some of Paris Hilton partying with her brother, Barron
Nicholas, at the recent Emmy awards.
Facebook was told about the problem yesterday afternoon, and said it had
since fixed the bug.
Byron Ng, a computer technician from Vancouver, began looking for flaws
in the site's security after an upgrade last week purportedly gave
Facebook's 40 million users greater control over the way they shared
material such as photographs with their friends.
Mr Ng found that he was able to pull up recent pictures posted by
Facebook users, even if the owners intended them only to be seen by a
select group of friends.
In a subsequent test, the Associated Press reported [1] that it was able
to access several private albums, including one posted by Mark
Zuckerberg, Facebook's founder, in November 2005.
The breach comes on the same day that children's charities urged
ministers to ban companies from trawling websites such as Facebook to
gain access about potential employees, in a process known as "digital
dirt-digging".
Record numbers of people are posting intimate details about their lives
online, despite warnings from privacy campaigners that photographs are
extremely difficult to erase once uploaded to the internet.
The Information Commissioner's Office recently reiterated its warning
[2] about the risk of posting details on social networking sites after a
study found that the amount of information stored about us on the web
will grow by a factor of ten between now and 2011.
In a statement acknowledging the security flaw, a Facebook spokesman
said: "We take privacy very seriously and continue to make enhancements
to the site.
In June last year, Facebook was forced [3] to update its privacy
settings after it was revealed that certain information about users -
such as their sexual preference and religious beliefs - could be
ascertained by searching the site.
[1] http://ap.google.com/article/ALeqM5ijANq3fmx9AZNNrf7Q1PwCN1cKUAD8VK51UG1
[2] http://technology.timesonline.co.uk/tol/news/tech_and_web/article3529108.ece
[3] http://technology.timesonline.co.uk/tol/news/tech_and_web/article2005618.ece
___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn