"...he says it worked like a charm for four days straight... Facebook eventually blocked his script, but not before he was able to cultivate hundreds of phone numbers."
Hundreds of phone numbers in four days? That's not nearly as bad as the article seems to imply. I was thinking on the order of thousands or tens-of-thousands. So he was using a crude, brute-force method, which Facebook detected, and has since blocked. Cool.
This article's headline has been updated to reflect the situation more accurately. The vulnerability is significant, demonstrating it can be done to millions of accounts.
Editor In Chiefhttp://hothardware.com
Why did I say hundreds ? I got thousands ! .. I only released a very small portion of it (http://privatepaste.com/3b9c229921) . And the 4 days is with my macros script . But tylers script would give you one result every second ! The script was only blocked after all the media attention !
PS:Edit as appropriate ..
So much for responsible disclosure...
I gave them 1 month ! .they didnt even reply properly ! http://suriya.me/me-and-facebook-a-cautionary-tale/ read it fully !
Well... its good that this came out before anyone used the flaw in the wrong way. Kudos for Prakash. Well.. i dont know what you think but i try to not post on Facebook anything that could not be shown public.
Yawn, found this out in July, posted it publicly, now some 'expert' discovers it months later when it's been known about since July.
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2014 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms