This Guy Shows How Easy It Once Was To Hack Anyone’s Facebook Account

Facebook is the children from The Bloodening: It knows all your secrets. If Mark Zuckerberg wanted to, he could see all the messages you’ve sent to your ex-boyfriend, all the credit-card information you’ve stored, all the dumb apps you’ve wasted your money on (that last one’s the most embarrassing).

So could any curious hacker.

Anand Prakash, a security researcher from Bangalore, India, recently unearthed a Password Reset Vulnerability, “a simple yet critical vulnerability that could have given an attacker endless opportunities to brute force a six-digit code and reset any account’s password,” according to Hacker News.

That six-digit code is what Facebook sends you when you want to change your account’s password. Try it too many times, and Facebook blocks you. Unless you use the social networking giant’s beta sites, where there’s no limit. “Brute forcing… allowed Prakash to launch a brute force attack into any Facebook account by setting a new password, taking complete control of any account.”

Here’s how he did it.

Unfortunately for all you Johnny-Come-Hackers, Prakash told Facebook about the vulnerability, and they fixed it. He was presented with a $15,000 award for his social (media) consciousness, which, coincidentally, is how much money Prakash knows you spent on Farmville in 2011. What were you thinking?
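The attempt limit the article says was missing on the beta sites, sketched as an added example (not Facebook's code and not part of the original article): the failure counter is stored with the reset code and keyed by account, so every hostname that accepts the code shares one limit. The hostnames, the five-attempt threshold and all class and function names are assumptions.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed threshold; the article does not state the real one


class ResetCodeStore:
    """Pending reset codes and failure counts, keyed by account only."""

    def __init__(self):
        self._pending = {}  # account -> [code, failures]

    def issue(self, account):
        # Issuing codes should be rate limited too; not shown here.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, 0]
        return code

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_pending_code"
        if entry[1] >= MAX_ATTEMPTS:
            return "locked"  # even the correct code is refused once locked
        if hmac.compare_digest(entry[0].encode(), guess.encode()):
            del self._pending[account]  # single use
            return "ok"
        entry[1] += 1
        return "wrong"


class Frontend:
    """One hostname serving the reset form; it holds no limit of its own."""

    def __init__(self, host, store):
        self.host, self.store = host, store

    def submit(self, account, guess):
        return self.store.verify(account, guess)


def demo():
    """Wrong guesses alternate between two hosts; the shared counter still locks."""
    store = ResetCodeStore()
    hosts = [Frontend("www.example.test", store), Frontend("beta.example.test", store)]
    code = store.issue("alice")  # constructed account name
    results = []
    for i in range(MAX_ATTEMPTS + 2):
        wrong = f"{(int(code) + i + 1) % 10**6:06d}"  # guaranteed != code
        results.append(hosts[i % 2].submit("alice", wrong))
    results.append(hosts[1].submit("alice", code))  # correct code, after lockout
    return results


if __name__ == "__main__":
    print(demo())
```
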

(Via Hacker News)
