FACEBOOK RUSHED to plug a security flaw in its social network that allowed any user to access and then delete a photo another had uploaded.
The vulnerability was unearthed by security researcher Pouya Darabi, who noted the security bug was part of a polling feature that Facebook launched to allow its users to attach virtual surveys to their photos.
Presumably, such polls are used to ask questions such as: “Ow lush do i luk in this pic, bae”, or “avocado toast or kale smoothie?”, or perhaps some racist inane nonsense from right-wing air-waster. Anyway, we digress.
HTML scripts are used to create such polls, which are submitted to Facebook’s servers. That script includes an ID code for the photo, which Darabi found could be changed to bring up any photo of any one of Facebook’s some two billion users, even if the photos were set to be private.
From there the photo could be attached to a poll, and when that poll got deleted its bye-bye to any picture connected to it.
Malicious digital deviants with too much time on their hands could wreak havoc with such a flaw, deleting treasured holiday pics or that photo of Davey Dave, the Archbishop of Banterbury who was having it large at Nandos.
And such golden nuggets as the below pic of our very own Chris Merriman could be lost to the virtual waves of the web.
However, Darabi reported the issue to Facebook and Mark Zuckerberg’s bright bods sprang into action to plug the security hole. Not all heroes wear capes, though Facebook did show its gratitude to by giving Darabi $10,000 just in time for Xmas.
“I appreciate Facebook security team for resolving this vulnerability quickly,” said Darabi, clearly a person of few words.
What can we learn here folks? Well take care with what you upload on Facebook and make sure you have backups of precious photos. And maybe think twice about using a polling feature unless you really need to answer something that a Google search can’t solve. µ
Source : Inquirer