[cap-talk] A Massive Confused Deputy on the Web

Ivan Krstić krstic at solarsail.hcs.harvard.edu
Tue Jun 3 08:36:45 CDT 2008


On Jun 3, 2008, at 3:37 PM, Toby Murray wrote:
> ordinary people to gain access to arbitrary Facebook profiles via a
> Yahoo gadget.

In this instance it was MySpace, not Facebook, though Facebook had a  
similar vulnerability with photographs (but not profile information)  
in the past.

--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org



More information about the cap-talk mailing list