Facebook Tightens Up Security

The ability to do a kind of advanced search on Facebook could have revealed information from private profiles to anyone who knew how to look for it.

Facebook Tightens Up Security

closed off a hole in its search functionality, and gave its users a greater level of privacy control of their profiles.

blogged about how Facebook search could be a privacy concern, especially in relation to European privacy laws.

"The Europeans do care about privacy. Sexuality and Religion are bits of information that they consider to be highly sensitive.. and thus, my little go fish attack is now suddenly a lot more important than it was before," Soghoian wrote.

"While Facebook does allow users to control their profile's existence in search queries, this second preference is not automatically set when a user makes their profile private - and thus many users do not know to do so," he wrote.

Doing an advanced query for a Facebook user's name and any profile attribute associated with it would retrieve a matching result if it exists. Soghoian demonstrated the proof of concept by creating a profile for himself and searching for its attributes.

A Facebook representative responded on Soghoian's blog, and said Facebook has fixed the problem.

Brandee Barker, director of corporate communications at Facebook, commented that information marked as private by a user will not return a result for an advanced search query.

---




www.SecurityProNews.com/