Facebook Instant Personalization Has a Security Hole, No One Shocked
There are a lot of reasons to distrust Facebook's Instant Personalization service, but the list grew by one more today. The issue is an exploit that takes advantage of Yelp's participation in the Instant Personalization feature of Facebook. The attack allows a shady character to get access to all of a user's Facebook data if the user visits Yelp while participating in the Instant Personalization program.
The exploit used cross-site scripting to inject malicious code, taking advantage of Yelp's association with Facebook. In the past, this wouldn't have affected Facebook data, but Yelp is one of Facebook's Instant Personalization partners. This means Yelp has access to a user's data as soon as that user visits the site. The scary thing here is that the exploit would work even if you had never been to Yelp.
Facebook claims to have taken care of this security hole, but this event leaves us even more unsettled than before. It seems we can't go a day without learning of another Facebook security issue. We shudder to think what would happen if Instant Personalization were available for more than three sites.

violian
May 12, 2010 at 9:59am
I used to spend at least 1-2 hours per day on Facebook when it was much simpler and uncluttered - it was the reason why I chose FB over Myspace. Now, it's gotten way too cluttered, messy, and complex. All of these app requests, games, telling me to join these groups, surveys....are you serious? And now, on FB mobile, the only thing I see on my News Feed are updates to artists that are on my Favorite-Musics lists: like where Usher is performing and if I wanna buy tickets. I spend less than 10 minutes per day now on FB. It's gotten too obtrusive.
popstop785
May 11, 2010 at 2:31pm
I turned the Personalization crap off the moment they added that stupid feature. Facebook is trying to make the world my friend. Facebook needs to leave the social networking to a personal choice.
Enozo73
May 13, 2010 at 1:52pm
Nothing about "lack of security and privacy" shocks me anymore with Facebook. They have gone from a pretty kool site to a WTH were they thinking when they changed that site in 18 months.
Some change is horrible and ineffective and Facebook shows us that on a regular basis.