Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Facebook Fixes “Midnight Delivery” Privacy Flaw

SAN FRANCISCO – Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year’s Eve messages sent using a “Midnight Delivery” service.

Facebook took “Midnight Delivery” offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

SAN FRANCISCO – Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year’s Eve messages sent using a “Midnight Delivery” service.

Facebook took “Midnight Delivery” offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

The new feature, which lets people prepare digital messages in advance and have them automatically delivered to Facebook friends the moment the year 2013 arrives, was back in action Monday.

“I have just checked, the bug/oversight has now been fixed,” Jenkins said in an update to his blog time-stamped 1435 GMT.

“I don’t know how a site like Facebook can continue to take these kinds of risks.”

Jenkins outlined in his blog a way to get into Midnight Delivery messages by tinkering with characters in URLs, essentially manipulating electronic address data.

The privacy slip came less than a week after the older sister of Facebook co-founder Mark Zuckerberg tripped on the social network’s privacy settings, landing in the midst of a debate about “online etiquette.”

Randi Zuckerberg, who launched a Silicon Valley themed online reality show after quitting her job handling Facebook public relations, kicked off the controversy after a family photo intended for friends went public.

The picture showed Mark Zuckerberg in a kitchen with family members dramatizing reactions to messages sent with a freshly launched “Poke” feature at the California-based online social network.

Poke lets people send messages that self-destruct in what is seen by many as a spin on popular smartphone application Snapchat.

Randi Zuckerberg posted a copy of the family photo to Facebook for the eyes of close friends only, but evidently it was also shared with friends of those tagged in the picture due to privacy settings at the social network.

That meant the fun photo popped up in the news feed of someone outside Randi Zuckerberg’s circle, who then shared it on popular messaging service Twitter.

From there, the photo went viral — much to Randi Zuckerberg’s chagrin.

“Digital etiquette: always ask permission before posting a friend’s photo publicly,” Mark Zuckerberg’s elder sister said in a Christmas tweet. “It’s not just about privacy settings, it’s about human decency.”

The comment sparked heated debate at Twitter and other online forums, where a vocal contingent saw poetic justice in the Zuckerbergs being exposed by the way the social network handles the privacy of users.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.