Facebook flaw ignored: Chat system not secure
Well, despite getting some leads on who to contact after my previous post, Facebook has otherwise ignored me. I even sent a message to Mark Z. just for fun, and he (or someone who monitors his account) wrote back and indicated he would pass along the info to the right people.
But they never did write back, so I'm just going to spill it here. To reproduce the flaw in the chat system, do this:
- Use Adium on a Mac and have it connect to your Facebook account.
- On the same network, log in to Facebook via a Web browser from a different account. In this situation, I'd be on Adium while my fiancée would be on her Vista computer surfing Facebook in Firefox.
- Check the buddy list in Adium; you'll see your own as well as my fiancée's friends in the list. Messages they send to her come to me as well. And I can reply impersonating her.
Now imagine doing this on a larger network at a library or airport or something. I'd say this is pretty broken.