Tuesday, October 09, 2018
Tell HN: Forwarded Facebook emails automatically login as recipient
Tell HN: Forwarded Facebook emails automatically login as recipient
I'm rarely speechless, but my best friend - who is not a developer but tech-savvy - just forwarded an email invite to an event that she wants me to come to with her. The email was a standard transactional Facebook event notification. When I clicked on the event, I was logged into Facebook as my friend. Full privileges. I could have done anything. I logged out, called her immediately and explained that a) she shouldn't send anyone transactional emails from Facebook and b) that in my opinion, she hadn't done anything wrong. This is an outrageous security violation, as well as a violation of the principle of least surprise. It seems completely reasonable to me that someone would forward an event invitation to other people. I see this kind of thing with older folks, in particular. The obvious concern, here, is that someone could (not should) forward that email to a much larger group of people. In an era where people are unfortunately reliant on Facebook for their identity management, social connections and even professional networking, the idea of losing access to your Facebook profile to an unknown actor is terrifying. I don't understand how this ever made it past QA. If you work at Facebook, fix this right now.
more
I'm rarely speechless, but my best friend - who is not a developer but tech-savvy - just forwarded an email invite to an event that she wants me to come to with her. The email was a standard transactional Facebook event notification. When I clicked on the event, I was logged into Facebook as my friend. Full privileges. I could have done anything. I logged out, called her immediately and explained that a) she shouldn't send anyone transactional emails from Facebook and b) that in my opinion, she hadn't done anything wrong. This is an outrageous security violation, as well as a violation of the principle of least surprise. It seems completely reasonable to me that someone would forward an event invitation to other people. I see this kind of thing with older folks, in particular. The obvious concern, here, is that someone could (not should) forward that email to a much larger group of people. In an era where people are unfortunately reliant on Facebook for their identity management, social connections and even professional networking, the idea of losing access to your Facebook profile to an unknown actor is terrifying. I don't understand how this ever made it past QA. If you work at Facebook, fix this right now.
more
0 Comments:
Make Money
Recent Posts
Google Drops Out of Pentagon's $10B Cloud Competition
Create High Performance Rust Systems, Standard Cog...
Reified Generics: The Search for the Cure
The Comforting Fictions of Dementia Care
A Roadmap for the Upcoming U.S. Treasury Bull Market
Taming Performance Variability [pdf]
$750k Open AI Challenge
Robot Criminals
[YC S17] Relationship Hero Is Hiring Coaches – Ful...
Partial Posix kernel written in Go
Create High Performance Rust Systems, Standard Cog...
Reified Generics: The Search for the Cure
The Comforting Fictions of Dementia Care
A Roadmap for the Upcoming U.S. Treasury Bull Market
Taming Performance Variability [pdf]
$750k Open AI Challenge
Robot Criminals
[YC S17] Relationship Hero Is Hiring Coaches – Ful...
Partial Posix kernel written in Go
Archive
January 2006April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
February 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
April 2008
May 2008
July 2008
August 2008
September 2008
October 2008
November 2008
January 2009
May 2009
June 2009
July 2009
August 2009
September 2009
December 2009
March 2010
June 2010
July 2010
September 2010
October 2010
November 2010
January 2011
March 2011
February 2013
April 2013
September 2013
December 2013
August 2014
September 2014
October 2014
November 2014
January 2015
January 2016
September 2018
October 2018
November 2018
December 2018
January 2019
February 2019
March 2019
April 2019
May 2019
June 2019
July 2019
August 2019
September 2019
October 2019
November 2019
December 2019
January 2020
February 2020
March 2020
April 2020
May 2020
June 2020
July 2020
SEO Stats