28. October 2011
World-famous social networking website Facebook is apparently making news again after a security expert discovered a subtle programming error in its website code. The researcher, Nathan Power, who works at the CDW consultancy firm, found a programming error in the website’s code that could allow a user to send malicious code or a virus to another user via its messaging option. The problem is reminiscent of the May 2011 error that allowed all advertisers and app developers to access users’ personal information, where no serious damage was caused in spite of all the fear it generated. However, Facebook has taken a long time to acknowledge this one, as it has already been lingering around for a month.
According to a blog post by Power, the flaw allowed a user to do something that would just return an ERROR message under normal circumstances, due to the company’s policy on account privacy. Suspecting something out of place, Power then decided to investigate on his own by analyzing the POST request that was sent to the servers. After testing the code, he realized that he could manipulate the POST request simply by typing a small message near the filename variable, allowing him to send an executable message or attachment with relative ease. To put it in simple terms, this hole in the code can allow a person to send a potentially malicious or virus-laden file attachment to any user, increasing the risk of the circulation of a harmful virus that can potentially damage the entire server, thus putting the private information of millions at risk.
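The defensive lesson is that an attachment filter must not trust the filename field exactly as the client sends it. The sketch below is an added example, not Facebook's code or Power's request: it contrasts a naive extension check with one that normalizes the name and also inspects the file's first bytes. The deny-list, function names and sample filenames are all assumptions constructed for illustration.

```python
import os
import unicodedata

# Hypothetical deny-list for this example; an allow-list is the stronger design.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".com", ".msi"}
# "MZ" starts a Windows PE executable, "\x7fELF" starts a Linux ELF binary.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def naive_is_blocked(filename: str) -> bool:
    """Weak check: compares the client-supplied name as-is."""
    return filename.lower().endswith(tuple(BLOCKED_EXTENSIONS))


def normalize_filename(filename: str) -> str:
    """Canonicalize a client-supplied filename before any policy decision."""
    name = unicodedata.normalize("NFKC", filename)
    # Drop control and format characters (NUL, newlines, direction overrides).
    name = "".join(ch for ch in name if unicodedata.category(ch)[0] != "C")
    # Keep only the last path component, whichever separator was used.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing spaces and dots when the file is saved.
    return name.rstrip(" .").lower()


def is_blocked(filename: str, content: bytes) -> bool:
    """Hardened check: normalized extension plus the file's leading bytes."""
    ext = os.path.splitext(normalize_filename(filename))[1]
    return ext in BLOCKED_EXTENSIONS or content.startswith(EXECUTABLE_MAGIC)


# Constructed sample uploads: (filename field, first bytes of the body).
SAMPLES = [
    ("report.pdf", b"%PDF-1.4"),
    ("setup.exe", b"MZ\x90\x00"),
    ("setup.exe ", b"MZ\x90\x00"),   # altered name, same executable body
    ("notes.txt", b"MZ\x90\x00"),    # harmless name, executable body
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(repr(name), "naive:", naive_is_blocked(name),
              "hardened:", is_blocked(name, body))
```

The naive check passes the altered name, while the hardened check blocks it on both the normalized extension and the content signature.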
In a surprising turn of events, company officials merely brushed the error aside as a minor glitch. Ryan McGeehan, who is the head of the website’s security department, released a statement to the press valiantly claiming that such a glitch can only be misused if the perpetrator has some additional technical acumen that allows him to bypass the website’s secondary security features. So, all we can do is hope that Facebook really does have the problem under control, which would mean there is nothing to worry about.