This time because of a bug that could have opened the door to deleting every single photo on Facebook. While I don't believe it would have happened without a beast of a processor, I do think that it could have caused some major damage.
There was a bug in the code for Graph API, "a developer platform that allows websites and applications to tap into Facebook's data."
The Graph API does not allow one user to delete another person's photos or albums. But by manipulating an access token from his mobile device, he was able to convince Facebook that the album belonged to him -- effectively allowing him access to read, write, and delete the album. - Zack Whittaker, ZDNetThe bug was so potentially damaging that Facebook had a fix out within two hours, and they rewarded the person that discovered the bug the highest reward offered, $12,500. Not a bad days work in my opinion!
No comments:
Post a Comment