Gregory writes in to point out that Facebook does a lousy job of monitoring the development of its third-party Platform applications—and in fact many of them are written so badly that they can be easily hacked. The examples he cites, which are listed in the winter issue of the hacker magazine 2600, are all fairly mild stunts like spoofing user IDs, changing the moods of another user, and re-routing gifts, “but this information could be used to mount large scale social engineering attacks if automated and coupled with other information.” To illustrate how easy it is to change another user’s settings, he pointed us to a YouTube example of how to change another users “mood” via the Mood app.
2600
AOL Still Retaining Like A MoFugger
By 8.3.06
AOL may be free, but that didn’t stop them from calling up Matt W. in Chicago, begging him to come back. The rep offered Matt a “new” version of AOL called, “Security Edition.” After an initial “trial period,” Matt could continue using AOL for $9.95/month.
