Facebook chat flaw?
I just received a chat message from someone on Facebook whom I am not friends with, and went to investigate…
Though I couldn’t find anything online, and I’m not going to test it by spamming random people, it seems that if you add a buddy/friend in your desktop chat client with a username such as -PROFILEID@chat.facebook.com (and profileids can be read from any profile) you’ll be able to chat to that person, even if you are not friends!
This might only work if the person you are chatting up also uses a desktop client, since Facebook did not store the message I received, but it’s still a flaw – especially considering that adding a person from UNIQUENAME@chat.facebook.com clearly claims that you are not authorised, so they do have some security in place.
*sigh* …when will Google free up Buzz from GMail so we can start migrating?
Filed under: Uncategorized | Leave a Comment
Tags: buzz, chat, facebook, gmail, security