d*f
Post 2
This feels really amateurish
Facebook hack – how did this breach happen
Here's how it worked...
Facebook's systems were compromised through the 'View As' feature
'View As' lets you see your profile as another specific user would see it
The three bugs related specifically to a re-design of the video uploader
tool
When using 'View As', the video uploader tool shouldn't have shown up at all
But on specific posts encouraging people to post happy birthday greetings,
it did show up
The second bug was that the video uploader incorrectly used Facebook's
single sign-on functionality, and generated an access token for the mobile
app
The third bug was that when the video uploader showed up, the access token
was generated for not you as the user, but for the user you were looking up
This was discovered by attackers, who were able to use this system to look
up other users and get further tokens
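A minimal model of the second and third bugs described in the post above, as an added example that is not part of the original post and is not Facebook's code: a token issuer that takes its subject from the 'View As' display identity, next to a hardened version and a detection check. `RenderContext`, `mint_token_flawed`, `mint_token_hardened` and `audit` are hypothetical names, and the sample users are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RenderContext:
    """Hypothetical request context for a page render."""
    session_user: str             # who actually authenticated
    view_as_user: Optional[str]   # set only while previewing as someone else

    @property
    def effective_user(self) -> str:
        # Identity used for *display* decisions while previewing.
        return self.view_as_user or self.session_user


class TokenDenied(Exception):
    """Raised when a render context is not allowed to obtain credentials."""


def mint_token_flawed(ctx: RenderContext, app: str) -> dict:
    # Flaw modelled on the third bug: the subject comes from the display
    # identity, so a preview yields a token for the previewed user.
    return {"sub": ctx.effective_user, "app": app}


def mint_token_hardened(ctx: RenderContext, app: str) -> dict:
    # Check 1: a read-only preview never issues credentials, even if a
    # widget that requests them renders when it should not (first bug).
    if ctx.view_as_user is not None:
        raise TokenDenied("no token issuance in a view-as render")
    # Check 2: the subject is always the authenticated session user.
    return {"sub": ctx.session_user, "app": app}


def audit(token: dict, ctx: RenderContext) -> bool:
    """Detection check: True only if the token subject is the session user."""
    return token["sub"] == ctx.session_user


if __name__ == "__main__":
    preview = RenderContext(session_user="alice", view_as_user="bob")  # constructed
    bad = mint_token_flawed(preview, "mobile")
    print(bad, "passes audit:", audit(bad, preview))
```
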
v*a
Post 3
Has the third one been fixed yet...
[Quoting d********f's post]
: This feels really amateurish
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
H*g
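Post 5
This garbage site. I deleted my account years ago and it still stuffs suggestions into my inbox all day.
[Quoting d********f's post]
: This feels really amateurish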
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
v*r
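Post 6
Doesn't Facebook boast about how fast it deploys code?
That's how this kind of problem happens.
But Facebook doesn't really care about privacy anyway.
If the code is wrong, they just fix the bug.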
o*p
Post 7
They only hire LeetCode elites, so it would be a miracle if nothing went wrong.
b*p
Post 12
It's no big deal, not many people use it anyway. And there will be fewer and fewer.
Facebook is for old people.
n*4
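Post 13
This just shows that the Indian guys write code in massively parallel batch mode, while the Chinese still have to check it by eye, so you can imagine the difference in output. The so-called "made in China, coded in India" are both symbols of modern large-scale industry.
[Quoting d********f's post]
: This feels really amateurish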
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
T*g
Post 15
Damn, what low-level mistakes. Was this written by high schoolers?
[Quoting d********f's post]
: This feels really amateurish
: Facebook hack – how did this breach happen
: Here's how it worked...
: Facebook's systems were compromised through the 'View As' feature
: 'View As' lets you see your profile as another specific user would see it
: The three bugs related specifically to a re-design of the video uploader
: tool
: When using 'View As', the video uploader tool shouldn't have shown up at all
: But on specific posts encouraging people to post happy birthday greetings,
: it did show up
v*u
Post 18
Coders in Bangalore only make five or six hundred US dollars a month, so you can't expect too much, haha