d*f
2 楼
感觉非常业余阿
Facebook hack – how did this breach happen
Here's how it worked...
Facebook's systems were compromised through the 'View As' feature
'View As' lets you see your profile as another specific user would see it
The three bugs related specifically to a re-design of the video uploader
tool
When using 'View As', the video uploader tool shouldn't have shown up at all
But on specific posts encouraging people to post happy birthday greetings,
it did show up
The second bug was that the video uploader incorrectly used Facebook's
single sign-on functionality, and generated an access token for the mobile
app
The third bug was that when the video uploader showed up, the access token
was generated for not you as the user, but for the user you were looking up
This was discovered by attackers, who were able to use this system to look
up other users and get further tokens
Facebook hack – how did this breach happen
Here's how it worked...
Facebook's systems were compromised through the 'View As' feature
'View As' lets you see your profile as another specific user would see it
The three bugs related specifically to a re-design of the video uploader
tool
When using 'View As', the video uploader tool shouldn't have shown up at all
But on specific posts encouraging people to post happy birthday greetings,
it did show up
The second bug was that the video uploader incorrectly used Facebook's
single sign-on functionality, and generated an access token for the mobile
app
The third bug was that when the video uploader showed up, the access token
was generated for not you as the user, but for the user you were looking up
This was discovered by attackers, who were able to use this system to look
up other users and get further tokens
v*a
3 楼
第三个现在 fix 了么。。。
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
d*f
4 楼
这要是还不能fix,fb要关门了
【在 v***a 的大作中提到】
: 第三个现在 fix 了么。。。
:
: all
【在 v***a 的大作中提到】
: 第三个现在 fix 了么。。。
:
: all
H*g
5 楼
这个垃圾网站 我注销好多年了 还成天往我信箱塞建议
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
v*r
6 楼
脸书不是号称代码部署快
就容易出这种问题
不过脸书其实不在乎隐私
代码错了修虫子好了
就容易出这种问题
不过脸书其实不在乎隐私
代码错了修虫子好了
o*p
7 楼
都招的leetcode精英,不出问题就见鬼了
d*f
8 楼
这和leetcode没什么关系把,我觉得刷体的反而水平不错啊,我见过很多老年程序员,
一敲键盘就是bug
【在 o****p 的大作中提到】
: 都招的leetcode精英,不出问题就见鬼了
一敲键盘就是bug
【在 o****p 的大作中提到】
: 都招的leetcode精英,不出问题就见鬼了
u*n
9 楼
建议我一帮不认识的人,没一个和我有任何关系的
【在 H********g 的大作中提到】
: 这个垃圾网站 我注销好多年了 还成天往我信箱塞建议
:
: all
【在 H********g 的大作中提到】
: 这个垃圾网站 我注销好多年了 还成天往我信箱塞建议
:
: all
o*p
10 楼
可是lc精英连基本的网络和操作系统概念都没有,怎么玩?你说的老年程序猿我估计得
是奇烂的公司才会有,所有产品用户达到一定规模的公司都不可能让你说的这种攻城狮
当主力的,这些人一年写500行扣了不起了。加上还要有review制度,不可能让太烂的
代码进入系统。
【在 d********f 的大作中提到】
: 这和leetcode没什么关系把,我觉得刷体的反而水平不错啊,我见过很多老年程序员,
: 一敲键盘就是bug
是奇烂的公司才会有,所有产品用户达到一定规模的公司都不可能让你说的这种攻城狮
当主力的,这些人一年写500行扣了不起了。加上还要有review制度,不可能让太烂的
代码进入系统。
【在 d********f 的大作中提到】
: 这和leetcode没什么关系把,我觉得刷体的反而水平不错啊,我见过很多老年程序员,
: 一敲键盘就是bug
o*p
11 楼
别的我不清楚,像这些lc精英们,95%以上我问一题memcpy怎么写就能给他全fail掉。
【在 d********f 的大作中提到】
: 这和leetcode没什么关系把,我觉得刷体的反而水平不错啊,我见过很多老年程序员,
: 一敲键盘就是bug
【在 d********f 的大作中提到】
: 这和leetcode没什么关系把,我觉得刷体的反而水平不错啊,我见过很多老年程序员,
: 一敲键盘就是bug
b*p
12 楼
没有什么了不起了,反正用的人不多。而且会越来越少。
facebookは老人のためのものです
facebookは老人のためのものです
n*4
13 楼
正说明三哥是大规模并行式写码,批量,而老中还要用眼去看,产量之比可想而知,所
谓中国制造,印度写码,都是现代大工业的象征
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
谓中国制造,印度写码,都是现代大工业的象征
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
v*a
14 楼
我猜还有类似的bug 在里面,因为code 和 design 都是抄来抄去的。
发现了这个漏洞咋用好?我只有几个游戏是用的fb,不能产生啥收益。
【在 d********f 的大作中提到】
: 这要是还不能fix,fb要关门了
发现了这个漏洞咋用好?我只有几个游戏是用的fb,不能产生啥收益。
【在 d********f 的大作中提到】
: 这要是还不能fix,fb要关门了
T*g
15 楼
靠,都是多低级的错误呀,高中生编的吗
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
all
【在 d********f 的大作中提到】
: 感觉非常业余阿
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
y*i
16 楼
不许污蔑高中生!
【在 T******g 的大作中提到】
: 靠,都是多低级的错误呀,高中生编的吗
:
: all
【在 T******g 的大作中提到】
: 靠,都是多低级的错误呀,高中生编的吗
:
: all
P*i
17 楼
can't agree more
【在 o****p 的大作中提到】
: 都招的leetcode精英,不出问题就见鬼了
【在 o****p 的大作中提到】
: 都招的leetcode精英,不出问题就见鬼了
v*u
18 楼
班加罗尔的码工月薪才五六百美刀,不能要求太高啊,哈哈
i*k
19 楼
memcpy可难可简单,看你问啥了,不要性能的话写个循环copy有啥难的,要性能的话写
出来你又未必看得懂。。。
【在 o****p 的大作中提到】
: 别的我不清楚,像这些lc精英们,95%以上我问一题memcpy怎么写就能给他全fail掉。
出来你又未必看得懂。。。
【在 o****p 的大作中提到】
: 别的我不清楚,像这些lc精英们,95%以上我问一题memcpy怎么写就能给他全fail掉。
相关阅读