Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Facebook Fixes “Midnight Delivery” Privacy Flaw

SAN FRANCISCO – Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year’s Eve messages sent using a “Midnight Delivery” service.

Facebook took “Midnight Delivery” offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

SAN FRANCISCO – Facebook sidestepped a privacy gaffe on Monday by fixing a flaw that made it possible to snoop on private New Year’s Eve messages sent using a “Midnight Delivery” service.

Facebook took “Midnight Delivery” offline temporarily to patch a vulnerability pointed out by Britain-based blogger Jack Jenkins.

The new feature, which lets people prepare digital messages in advance and have them automatically delivered to Facebook friends the moment the year 2013 arrives, was back in action Monday.

“I have just checked, the bug/oversight has now been fixed,” Jenkins said in an update to his blog time-stamped 1435 GMT.

“I don’t know how a site like Facebook can continue to take these kinds of risks.”

Jenkins outlined in his blog a way to get into Midnight Delivery messages by tinkering with characters in URLs, essentially manipulating electronic address data.

The privacy slip came less than a week after the older sister of Facebook co-founder Mark Zuckerberg tripped on the social network’s privacy settings, landing in the midst of a debate about “online etiquette.”

Randi Zuckerberg, who launched a Silicon Valley themed online reality show after quitting her job handling Facebook public relations, kicked off the controversy after a family photo intended for friends went public.

Advertisement. Scroll to continue reading.

The picture showed Mark Zuckerberg in a kitchen with family members dramatizing reactions to messages sent with a freshly launched “Poke” feature at the California-based online social network.

Poke lets people send messages that self-destruct in what is seen by many as a spin on popular smartphone application Snapchat.

Randi Zuckerberg posted a copy of the family photo to Facebook for the eyes of close friends only, but evidently it was also shared with friends of those tagged in the picture due to privacy settings at the social network.

That meant the fun photo popped up in the news feed of someone outside Randi Zuckerberg’s circle, who then shared it on popular messaging service Twitter.

From there, the photo went viral — much to Randi Zuckerberg’s chagrin.

“Digital etiquette: always ask permission before posting a friend’s photo publicly,” Mark Zuckerberg’s elder sister said in a Christmas tweet. “It’s not just about privacy settings, it’s about human decency.”

The comment sparked heated debate at Twitter and other online forums, where a vocal contingent saw poetic justice in the Zuckerbergs being exposed by the way the social network handles the privacy of users.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.