
Facebook and MySpace Backdoors Found, Fixed

Posted by Soulskill
from the oh-adobe-you-card dept.
jamie writes with news of a Facebook app developer who found a significant security hole while he was trying to get around function limitations for his application. Quoting: "Luckily — just with browser AJAX requests — a flash application hosted on domain X is unable to open a file on domain Y. If this would be possible, domain X [would be] able to access content on domain Y, and when the user is logged in on domain Y retrieve and post back any personal data. In certain cases this could limit a Flash application's capabilities. ... To resolve such issues, Adobe (Flash's developers) introduced a 'crossdomain.xml' file which could allow certain domains to access another domain, leading to cross-domain access by certain or all domains. While indeed Facebook locked the front door from any non-Facebook domain access via Flash, a simple subdomain change allowed any flash application (domain="*") to access its domain data." He found a similar problem in MySpace's crossdomain.xml. Both sites were notified, and they have implemented fixes.
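
Added example, not part of the original story or the developer's write-up: a small audit that parses the crossdomain.xml of every hostname you serve, not only the front door, and flags `allow-access-from` rules like the `domain="*"` entry described above. The hostnames, the sample policies and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies keyed by hostname (not the real Facebook or
# MySpace files). In practice, collect /crossdomain.xml from every subdomain
# you operate; for XML you do not control, parse with a hardened parser
# such as defusedxml instead.
POLICIES = {
    "www.example.test": """<cross-domain-policy>
  <allow-access-from domain="apps.example.test"/>
</cross-domain-policy>""",
    "static.example.test": """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>""",
    "api.example.test": """<cross-domain-policy>
  <allow-access-from domain="*.example.test" secure="false"/>
</cross-domain-policy>""",
}

def audit_policy(host, xml_text):
    """Return (severity, message) findings for one crossdomain.xml body."""
    findings = []
    root = ET.fromstring(xml_text)
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "").strip()
        if domain == "*":
            # Any Flash application, hosted anywhere, may read this host's responses.
            findings.append(("high", f"{host}: domain=\"*\" trusts every origin"))
        elif domain.startswith("*."):
            # Trust extends to every subdomain, including ones added later.
            findings.append(("medium", f"{host}: trusts all subdomains of {domain[2:]}"))
        if rule.get("secure", "true").lower() == "false":
            # secure="false" lets content loaded over HTTP read HTTPS responses.
            findings.append(("medium", f"{host}: secure=\"false\" on {domain}"))
    return findings

def audit_all(policies):
    """Audit every host so a permissive subdomain is not missed."""
    return {host: audit_policy(host, text) for host, text in policies.items()}

if __name__ == "__main__":
    for host, findings in audit_all(POLICIES).items():
        for severity, message in findings:
            print(f"[{severity}] {message}")
```
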

  • McCroskey (Score:4, Funny)

    by Captain Splendid (673276) <capsplendid@g m a i l . com> on Thursday November 05, 2009 @12:37PM (#29996066) Homepage Journal
    Looks like I picked the wrong week to deactivate my FB account.
  • by natehoy (1608657) on Thursday November 05, 2009 @12:45PM (#29996176) Journal

    Surely you can't be serious?

  • by imakemusic (1164993) on Thursday November 05, 2009 @01:10PM (#29996474)

    I feel it as a personal accomplishment I *don't* have social network accounts on Facebook, Myspace and alike.

    Well, you say that but we all know it's because you don't have any friends.

  • by Tetsujin (103070) on Thursday November 05, 2009 @02:23PM (#29997360) Homepage Journal

    Surely you can't be serious?

    I am. And don't call me Shirley.

    People, do you not see the basic problem with using this joke in written format? Without a doubt this is a serious flaw in the English language: we are unable to use the "Don't call me Shirley" joke in written form because, while the words "Shirley" and "surely" are homonyms, the spelling is clearly different...

    Ai propoz a simpl fix for this problem: Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz. Thas, thi standard "Shirley" jok wud bi exekyutid thus:
    "Shirly yu kant bi sirius?"
    "Ai em. And dont kal mi Shirly."

    Ther, problem solvd.

  • by Tetsujin (103070) on Thursday November 05, 2009 @03:26PM (#29998280) Homepage Journal

    Inglish speekurz shood standardaiz on a striktly phonetik sistem ov speling wurdz

    Ok, is it spelled "kaw" (New England), Kower (south) Kore (midwest), Kwa (Nwoo Yawk)?

    Is it window, winder, or windah?

    And you spelled "uv" rong. See how this is such an incredibly BAD idea?

    I did not spell "uv" wrong. The five vowels:

    A E I O U

    Take the following sounds:

    Ah Eh EE Oh OO

    This is in accordance with the usage of the vowels in other European languages, such as Spanish or Italian. Thus, the word "of" would be spelled "ov". "uv" would rhyme with "move"

    Admittedly, some work would need to be done to refine the phonetic spelling system and to promote adoption and education of the new system. I figure in a generation or two we might be able to iron out these regional differences. Of course, some will resist these changes: if we can get the NSA involved to monitor SMS and internet usage and introduce FCC regulations requiring broadcasters and recording artists to always spell and pronounce things correctly, and institute a new bureau of ruthless and violent enforcement, it should be doable. The back-catalogue of music and literature will have to be either destroyed or republished, and owning old editions will have to be criminalized. It'd probably be a good idea to identify uncooperative parents and separate them from their children, so we can properly institutionalize them using the new system.

    Oh, and we'll have to invade England, I think - this nonsense about English English being the authoritative version has got to stop. If we play our political cards right and keep anybody else from getting involved it should be a fairly straightforward war without too much loss of life. We may have to use a few tactical nuclear weapons, but I think once we've established a willingness to use them (say, on a minor city) the Brits will know we mean business. Once Britain is down I think it should be relatively easy to make Canada fall in line. Australians and New Zealanders might be a bit of a challenge since they're so well known for their weird accents - we could institute a temporary cultural embargo, that should prevent contamination until we're ready to deal with them.

    In the end it'll all be worth it, though, 'cause we'll be able to use the "Don't call me Shirley" joke in writing and it will work properly. Really, all manner of homonym-based jokes will finally be open to use in writing. It will usher in a new golden age of literature.

  • Re:Huh. (Score:1, Funny)

    by Anonymous Coward on Thursday November 05, 2009 @04:27PM (#29999134)

    araadarin san ha nihongo no hon o yomimasu ka? dou deshita ka?
