Comments on: Social Me Still Too Social http://theharmonyguy.com/2008/07/16/social-me-still-too-social/ Investigating privacy and security issues in online social networking Thu, 09 Feb 2012 10:47:20 +0000 hourly 1 http://wordpress.org/?v= By: Social Me is Back, Privacy Still Vulnerable | FaceBook News http://theharmonyguy.com/2008/07/16/social-me-still-too-social/comment-page-1/#comment-31972 Social Me is Back, Privacy Still Vulnerable | FaceBook News Sat, 09 Jul 2011 04:25:13 +0000 http://theharmonyguy.com/?p=27#comment-31972 [...] resurrected but it appears that there are still some substantial privacy loopholes. According to theharmonyguy, there is still a substantial privacy flaw which enabled him “to send a message to anyone and [...] [...] resurrected but it appears that there are still some substantial privacy loopholes. According to theharmonyguy, there is still a substantial privacy flaw which enabled him “to send a message to anyone and [...]

]]> By: Mark Waks http://theharmonyguy.com/2008/07/16/social-me-still-too-social/comment-page-1/#comment-316 Mark Waks Thu, 17 Jul 2008 17:01:00 +0000 http://theharmonyguy.com/?p=27#comment-316 Nice job of finding that, and good on them for fixing it. Formal invitation: if you find the time and inclination to poke at an app that's still in the construction phase, I'd love to have some outside eyes take a look at <a href="http://www.facebook.com/apps/application.php?id=6825710207" rel="nofollow">CommYou</a>, the conversation system I'm building. That's not even at alpha yet, but I'd rather find and fix the security holes *before* I have thousands of people using the thing. I know it's not perfect yet -- it's subject to a man-in-the-middle attack during login, which is going to be a pain in the ass to fix -- but I believe it's pretty good otherwise. I'd be interested to see if you notice other holes in the security... Nice job of finding that, and good on them for fixing it.

Formal invitation: if you find the time and inclination to poke at an app that’s still in the construction phase, I’d love to have some outside eyes take a look at CommYou, the conversation system I’m building.

That’s not even at alpha yet, but I’d rather find and fix the security holes *before* I have thousands of people using the thing. I know it’s not perfect yet — it’s subject to a man-in-the-middle attack during login, which is going to be a pain in the ass to fix — but I believe it’s pretty good otherwise. I’d be interested to see if you notice other holes in the security…

]]> By: John http://theharmonyguy.com/2008/07/16/social-me-still-too-social/comment-page-1/#comment-315 John Thu, 17 Jul 2008 06:43:31 +0000 http://theharmonyguy.com/?p=27#comment-315 Have you contacted SocialMe or Facebook about this, seems like something they would care about. Also I tried doing this but couldn't figure it out (wanted to make sure my apps aren't susceptible to this) Could you demonstrate on these two accounts: 1017467310, 835962318 (you can do whatever message you want) Have you contacted SocialMe or Facebook about this, seems like something they would care about.

Also I tried doing this but couldn’t figure it out (wanted to make sure my apps aren’t susceptible to this)

Could you demonstrate on these two accounts:
1017467310, 835962318 (you can do whatever message you want)

]]> By: T http://theharmonyguy.com/2008/07/16/social-me-still-too-social/comment-page-1/#comment-312 T Wed, 16 Jul 2008 21:38:01 +0000 http://theharmonyguy.com/?p=27#comment-312 I didn't find an e-mail address on your site to contact you, so I guess I'll just leave a comment here. Recently Facebook removed the ability to see what friends are currently online (without appearing online yourself, using Facebook Chat). With the new profile beta, I found that the functionality is still there, just hidden. If you click on "Friends" at the top of your profile redesign page (new.facebook.com), you can replace a string in the url with "online". You end up with this url: "http://www.new.facebook.com/friends/?view=online". Not really a vulnerability or anything, just thought it would interest you I didn’t find an e-mail address on your site to contact you, so I guess I’ll just leave a comment here. Recently Facebook removed the ability to see what friends are currently online (without appearing online yourself, using Facebook Chat). With the new profile beta, I found that the functionality is still there, just hidden. If you click on “Friends” at the top of your profile redesign page (new.facebook.com), you can replace a string in the url with “online”. You end up with this url: “http://www.new.facebook.com/friends/?view=online”.

Not really a vulnerability or anything, just thought it would interest you

]]> By: Social Me is Back, Privacy Still Vulnerable http://theharmonyguy.com/2008/07/16/social-me-still-too-social/comment-page-1/#comment-311 Social Me is Back, Privacy Still Vulnerable Wed, 16 Jul 2008 20:34:06 +0000 http://theharmonyguy.com/?p=27#comment-311 [...] resurrected but it appears that there are still some substantial privacy loopholes. According to theharmonyguy, there is still a substantial privacy flaw which enabled him “to send a message to anyone and [...] [...] resurrected but it appears that there are still some substantial privacy loopholes. According to theharmonyguy, there is still a substantial privacy flaw which enabled him “to send a message to anyone and [...]

]]>