Facebook Security

Facebook is starting to show more chinks in their armor. There have always been security issues with Facebook beyond the sex predators. The security feature I wish to discuss is a user-chosen action: “Blocking a Person”.

What happens when you block someone on Facebook? In theory this means that you will no longer see that person on Facebook in any shape, form, or fashion. You won’t know if that person wrote on the wall of a mutual friend or is even the friend of someone, and you won’t even find that person in a search of Facebook. This has almost always been true; however, there are flaws in the system, as there are in every security system. I personally have several people blocked on Facebook due to personal reasons that don’t matter to this conversation. I have been able to both find these people and access their profiles even though I shouldn’t be able to. I won’t go into how I was able to do this, for two reasons: A – it’s extremely tedious and technical, and B – Facebook changes the system often enough that it has to be done a different way every time. However, that isn’t the point of this; instead I want to focus on something else that offers much more direct and easier access – external applications.

External applications have become the new talk of Facebook and are opening up a whole new floodgate of problems. Facebook has all kinds of different applications that allow you to add value onto the current ecosystem however you desire. One app, which I personally do not have installed, is called Top Friends. Much like MySpace’s Top Friends, you pick your “Top Friends” and display them on your profile page. I was informed that I was placed into the Top Friends chart of a friend; being interested, I clicked and took a look at the page and saw who else was listed that I knew. Curiously, for one person a name wasn’t displayed and neither was a profile photo. I was wondering who it was, so I clicked on the profile photo, but it took me back to said friend’s profile page. OK, well, Top Friends also allows you to do a couple of other things through Facebook and companion apps – Super Poke, Message, and Write on Fun Wall. So I tried Message, as I do not have Super Poke or Fun Wall installed. Guess what I was taken to: a page where I could message a person who was supposed to be blocked to me on Facebook. I didn’t test this to see if I actually could message them, as it would defeat the whole purpose of them actually being blocked, but since I was at this stage I see no reason why I wouldn’t be able to communicate with this person.

This, in my opinion, is a simple and easy security flaw that any average person would be able to exploit. And this probably merely demonstrates a whole host of security concerns that the external applications are adding to Facebook. My desire isn’t to see Facebook disappear or to encourage people to harass people who they have blocked or are blocked by, but rather to draw attention to a hole in Facebook’s armor.

jtyost2


Justin Yost is a full-time Software Engineer and a part time educator. A graduate of Texas Tech University with a bachelor's degree in computer science, Justin relishes programming and learning more about anything and everything. When not working, Justin occasionally gives talks at the local PHP Meetup. In his free time, Justin enjoys backpacking and reading science fiction books.


2 comments on “Facebook Security”
  1. Kate says:

    Can the people you block still see your wall posts and see you on Facebook?

  2. jtyost2 says:

    @Kate, the people that you block cannot see your wall posts or any other information about you on Facebook, such as if you are friends with a particular person, if you are part of a certain group, or any part of your profile page. Facebook is really good with their security and has improved it since I wrote this post.

    However applications are still the weak point in Facebook’s security. So through applications a person could gain access to the information that you have posted through said application. Although the methods for doing so aren’t intuitive in any form. Personally I’m not that concerned since applications don’t tend to ask/store any true personal information.
