Just Another Boring Blog About Different Subjects

This Facebook Bug Allowed Anyone To Delete Your Photos

TechCrunch

How many photos do you have on Facebook? How many of those are photos you never thought to back up?

This just-disclosed Facebook bug would have allowed anyone with a bit of technical know-how to delete any photo on Facebook.

Fortunately, the guy who discovered the bug (Laxman Muthiyah of India) was quick to give Facebook a heads up — and for his troubles, he got a $12,500 bounty. (Sure, the bug could have pretty easily done more than $12,500 worth of damage to Facebook — but that’s not quite how bug bounty projects work.)

Facebook turned around and fixed the bug in about two hours.

Laxman has a breakdown of how it all works here, but here’s the short version: Facebook’s Graph API wasn’t checking permissions properly. If you sent a request to the Graph API to delete another user’s photo album and toss your own Facebook for…
