Feeds

Facebook: Our phone app DID seize your email

Blame the bug... bitch

Combat fraud and increase customer satisfaction

Facebook has admitted its mobile app altered phones' contacts books to use @facebook.com addresses.

The hijack stems from a flaw in the website's design and the decision to provide every user with an @facebook.com handle that forwards to their Facebook message inbox. These addresses are now shown on the site's Timeline to encourage their use.

A bug in the Facebook contacts API caused the mobile client to download and save the most recently added email address, rather than the account default, when synchronising a user's friends list and the phone's contact book. Because the "most recent" was the Facebook address, punters' contacts were rewritten and their email rerouted as a result.

Reports of missing messages were, as predicted, down to mails from non-friends being filed away in the "Other" mailbox on the social network. That's a feature which must surely annoy anyone using Facebook groups (messages from other group members get similarly tucked away) but it's really a result of one not having enough mates.

Despite overwriting personal address books and hiding received emails, Facebook is anything but contrite. The official statement from the company explains that "for people on certain devices, a bug meant that the device was pulling the last email address added to the account rather than the primary email address" without any obvious admission of whose bug that was.

It was Facebook's bug.

Team Zuck says it will have a fix in place first thing on Thursday, after which contact lists will automatically return to using the default email address - assuming the affected users still have the Facebook app installed and set up to synchronise. ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.