Facebook Fixes Privacy Bug
Facebook has closed a privacy hole in the site after a researcher posted information about it on the Full Disclosure security mailing list.Facebook has fixed a bug that could have been abused by someone looking to get their hands on the full names and photos of users. Atul Agarwal of Secfence Technologies posted information about the issue to the Full Disclosure mailing list Aug. 11. If someone entered a user's e-mail address and the wrong password in the log-in page, the site coughed up the user's full name and profile picture in addition to an incorrect password message.
"Sometime back, I noticed a strange problem with Facebook, I had accidentally entered wrong password in Facebook, and it showed my first and last name with profile picture, along with the password incorrect message," Agarwal wrote. "I thought that the fact that it was showing the name had something to do with cookies stored, so I tried other e-mail id's, and it was the same. I wondered over the possibilities, and wrote a POC tool to test it."