Zuckerberg Insecurity Exposed: A Facebook Bug Attacks Again
Office workers logging into Facebook two weeks ago were “shocked” to discover they were served up other users’ private pages; such was the unsavory Facebook (not so) security news two weeks ago.
Now, Facebook itself is shocked to discover the world has been served up Facebook’s own source code, in all its vulnerable (not so) glory.
Facebook’s responses? In both cases, no real “trusted” social graph problem; it is really the world that got the Facebook story wrong, or so suggests Facebook spokesperson Brandee Barker.
Two weeks ago, personal, private, supposedly secure information of Facebook users was exposed to other Facebook users who were not authorized to see it. The security snafu also involved a shutdown of Facebook itself. No worry, a mere minor inconvenience, certainly NOT a security breach, was the incredulous public-facing Facebook response.
The Barker “clarification” was a circular disclaimer following in the great Google doublespeak spin tradition. Nevertheless, the Facebook PR “bug” pitch was reprinted in full by many media outlets:
“We temporarily took down the Facebook site to fix a bug we identified earlier today. This was not the result of a security breach. Specifically, the bug caused some third party proxy servers to cache otherwise inaccessible (private, supposedly secure, personal user information) content. The result was that an isolated group of users could see some (private, supposedly secure, personal user information) pages that were not intended for them. The site has now been restored and we apologize for any inconvenience this may have caused.”
Why is Facebook so intent on spinning a Facebook takedown incident with substantial user data leakage implications as a mere inconvenient “bug”? Because the entire Facebook formula depends upon Facebook users believing the Facebook line that the Mark Zuckerberg social graph is the ONLY destination on the Web for a real, secure, “trusted” environment.
Facebook will continue to disclaim security breaches as “bugs,” in seeking to perpetuate the myth of an absolutely trusting and secure social graph.
Barker strikes again now, in attempting to disclaim away a dangerous and embarrassing public posting of Facebook’s code:
Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
Facebook is flaunting its legal position vis-à-vis its latest security “issue” cum bug. BUT, what about the legal recourse of Facebookers when user data is misused at Facebook?
In Facebook Profile Hijacked: Beware the Dangerous OPEN Social Graph I underscore the fragility of Zuckerberg’s supposedly safe social haven.
A now (in)famous Harvard student cum media Intern threw the Facebook notion of “trust” among Facebookers out a multi-billion dollar IPO window last week when she purported to “out” a fellow Harvard Facebooker by republishing her Facebook profile.
Flouting Facebook’s own Terms of Service, a Facebook profile was hijacked in the name of media sensationalism; Lucy Morrow Caldwell took a screenshot of Caroline Giuliani’s private profile and posted it to the open Web for the world to see.
Facebook code was not manipulated then, something worse was: The integrity of the Facebook social graph.
The integrity of the Facebook code is now also tarnished.
Unfortunately for the millions of Facebookers, Mark Zuckerberg: Use Facebook at Your Own Risk!
YES, at the end of the Facebook day, despite its slogans and public pronouncements, Facebook actually takes NO responsibility whatsoever for any privacy breaches, despite its purported value proposition and claims of being a privacy nirvana.
The Facebook reality:
You post User Content on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content.
Even without “bugs,” Facebook is bugged by insecurity.