PlanetRockwall.com

Another Facebook Security Fail

If you have noticed some unusual postings from your Facebook friends lately, or worse, postings from your own account that you KNOW you didn't put there, then read on, my friends.

According to security researchers at Symantec, publisher of the popular Norton Anitvirus software, Facebook has for years been leaking "access tokens" to its advertisers and anyone savvy enough to find them. "Access tokens are like the 'spare keys' granted by you to the Facebook applications," Symantec said in a blog post. "Each token or 'spare key' is associated with a select set of permissions, like reading your wall, accessing your friend's profile, posting to your wall, etc."

In other words, whenever you sign up for one of those time-gobbling Facebook games like Farmville or Mafia Wars, you are handing over the keys to your account. Nice, huh? It gets even better. According to Symantec, "We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of tokens to third parties." How many millions? Nobody knows, but there are over 200 million Facebook users out there. That's a lot of potential imposters.

What does Facebook have to say about the situation? (Cue sound of chirping crickets). That's right. Nothing.

Well, that's not exactly true. First they denied any problem, then announced that they had fixed it. Fixed a problem they denied they had. Then they forgot to tell users that the old access tokens are still out there and that there is a simple fix.

The fix? Change your Facebook password. That will instantly obsolete any of the older, vulnerable access tokens you may have left out there. It was Symantec, not Facebook, that issued this advice. Why not Facebook itself, since they were the creator of this "non-problem?" One can only surmise that 200 million users suddenly prevailing upon their servers to "change my password, please" would cause a bit of a system hiccup.

Ya think?

Bob Lewis
Planet Rockwall