Total Pageviews

Facebook Shortcut Exposed User Data

Facebook Cancels Shortcut Over Concern for Security

SAN FRANCISCO - What was supposed to be a shortcut for Facebook users to log into their pages ended up exposing their e-mail addresses - and, in some cases, potentially allowing access to their accounts as well.

A Facebook spokesman said on Friday that the company had created the shortcut, called auto login, to let some users go directly to their pages by clicking on a Web link sent to their e-mail addresses. Once they clicked on the link, they could get into their accounts, rather than having to go to Facebook.com and log in.

Some of the links required users to type their passwords, while others did not, the company said.

On the Web site Hacker News, a technology discussion board, Matt Jones, an engineer at Facebook, said the company had offered the service for “ease of use” and never made the Web addresses “publicly available.”

But they did become publicly available, as the discussion on Hacker News revealed on Friday.

The Facebook spokesman, Frederic Wolens, said some users may have posted the links on the Web, allowing anyone to search for them. Those links could give a stranger access to the Facebook pages connected to them, as well as the e-mail addresses of those users. Mr. Wolens said he had no explanation why someone would post the links.  

When Facebook found the problem, it discontinued the shortcut.

The Hacker News thread said over one million Facebook accounts had been affected. Facebook could not confirm that figure on Friday afternoon.

TrendMicro, a private security company that offers safety tools for Facebook users, said Web address shortcuts were inherently dangerous because they could ultimately end up on the Web.

“Many, many hackers are targeting these portals because of the ubiquitous trust and use of them,” said Tom Kellermann, vice president for cybersecurity at TrendMicro. He added, “You don't take shortcuts through the woods in cyberspace.”

The news of the security hole comes a week after a Bulgarian blogger, Bogomil Shopov, said he had bought 1.1 million Facebook users' names and e-mail addresses on the Web for $5. He found the information for sale on a marketplace site, gigbucks.com. The items are no longer available.

Mr. Wolens of Facebook said the data had been acquired and compiled by someone who took whatever information Facebook users made public on their pages - and from other publicly available data about those users.

Mr. Kellermann of TrendMicro said the problem with the shortcut could explain how the names and e-mail addresses that Mr. Shopov had found became public. Facebook said the security flaw and the user data for sale had nothing to do with each another.

“We have no reason whatsoever to believe that these two incidents are related,” Mr. Wolens said.

A version of this article appeared in print on November 3, 2012, on page B2 of the New York edition with the headline: Facebook Cancels Shortcut Over Concern for Security.

Cellphone Users Steaming at Hit-or-Miss Service

Cellphone Users Steaming at Hit-or-Miss Service

Mario Tama/Getty Images

Cellphone users took advantage of an area of the East Village known to have cellular reception.

To wireless customers, cellphone networks might seem to be made out of thin air. But they are plenty vulnerable to catastrophic storms - and bringing service back can take an excruciatingly long time.

Photographs

A fallen tree on a car in hard-hit Queens did not faze a mobile user who apparently had cellphone service.

On Friday, four days after Hurricane Sandy, the major carriers - AT&T, Verizon Wireless, T-Mobile USA and Sprint - were still busily rebuilding their networks in the hardest-hit areas.

One-quarter of the cell towers in the storm zone were knocked out, according to the Federal Communications Commission. Many had no power, and their backup battery systems soon drained. The lines connecting those towers to the rest of the phone network were ripped out. Carriers deployed generators to provide power, but eventually those required more fuel - another limited resource.

In an emergency, a lack of cellphone reception can be dangerous, especially as more people have chosen to snip landlines out of their budgets. About 60 percent of American households have landlines, down from 78 percent four years ago, according to Chetan Sharma, an independent mobile analyst.

The carriers say they are trying their best to deal with an unusual disaster. But in the past, they have steadfastly objected to recommendations from regulators that they spend more money on robust emergency equipment, like longer-lasting backup batteries.

Neville Ray, chief technology officer of T-Mobile USA, said Hurricane Sandy was the biggest natural disaster he had ever dealt with and that service failures were inevitable.

“There's an amount of preparation you can do, but depending on the size and scale and impact of the storm, it's tough to anticipate every circumstance,” Mr. Ray said in an interview. “No degree of preparation can prevent some of those outages from happening.”

When networks fail, carriers deploy trucks, called C.O.W.'s, for cell on wheels, that act as temporary cell towers. But the companies say the challenge with deploying these trucks poststorm is connecting to power and to the wider phone network, which requires a microwave radio link to a working tower. Because of the density of the buildings in New York City, the trucks could serve only a small area, according to Mr. Ray.

The carriers have made other efforts to provide services while restoring their networks. AT&T wheeled out R.V.'s where customers could charge their phones. And it made an agreement to share networks with T-Mobile USA in the affected areas of New York and New Jersey. When customers of both companies place calls, they are carried by whichever network is available in the area.

But ultimately all of the carriers' preparations and responses were not enough to get services running again in a hurry. Over the week the carriers reported gradual progress, and they declined to offer timelines indicating when customers could expect to have service again.

The unreliability of wireless networks may point to a bigger problem. Over the years, the phone companies have fought off regulators who want to treat them as utilities, arguing that if they are going to stay innovative, they cannot be burdened with the old rules that phone companies dealt with in the landline era. But as a consequence, there are almost no rules about what carriers have to do in an emergency, said Harold Feld, senior vice president for Public Knowledge, a nonprofit that focuses on information policy.

“With the new networks we've prized keeping costs down, we've prized flexibility and we've prized innovation,” said Mr. Feld, who wrote a blog post on Monday anticipating cell tower problems. “But we have not put stability as a value when we have been pushing to have these networks built out.”

Mr. Feld noted that after Hurricane Katrina in 2005, the F.C.C. recommended that carriers install backup batteries on their transmission towers that would last 24 hours, among other measures. But the carriers objected, presumably because they did not want to spend the money, he said. (Of course, 24 hours would not have been enough in many areas hit by the latest storm.)

In general, the carriers say it is in their own interest to fortify their networks for emergency situations, but Mr. Feld said this incentive was not enough.

“We ought to actually be doing this in the mind-set that there need to be actual rules, so that everybody knows how to behave when the crisis hits,” he said. “When I drive I have the best incentive in the world not to hit a telephone pole and not to slam into another car. But I still need speed limits, stop signs and stop lights.”

Debra Lewis, a spokeswoman for Verizon Wireless, said no amount of rules could have prepared carriers for the outcome of a storm like Hurricane Sandy.

“The fact is, regulation cannot anticipate the varied challenges that can arise in such situations, but we do learn from them and adapt accordingly to ensure we meet consumers' needs,” Ms. Lewis said. She said the company prepared for natural disasters with generators and batteries that provided at least eight hours of power to cell sites.

Verizon Wireless said Friday evening that less than 3 percent of its network in the Northeast was still down. “In severely impacted areas, such as Lower Manhattan, while wireless service has yet to return to normal levels, coverage is good,” it said.

AT&T was the only major carrier that would not go into specifics about how much of its network was down. Anecdotally it seemed that in Manhattan at least, AT&T's coverage was not as good as Verizon's after the storm. One Twitter user directed this message at AT&T on Tuesday: “I live in lower manhattan. Vz has service u do not. You are ruining lives. I had to come midtown 2 call mom. Switching.”

Mark Siegel, a spokesman for AT&T, said the company would not comment because it was working on restoring its network.

A version of this article appeared in print on November 3, 2012, on page B6 of the New York edition with the headline: Cellphone Users Steaming at Hit-or-Miss Service.

Today\'s Scuttlebot: Used iPads, and Silicon Valley TV

The technology reporters and editors of The New York Times scour the Web for important and peculiar items. Friday's selection includes a drawback to a security measure in Windows 8, concerns about the information that free mobile apps collect and a move by a British agency to comb social media for information.

Daily Report: For Japan\'s Electronics Behemoths, Dire Times Ahead

Three of Japan's consumer electronics giants - Sharp, Panasonic and Sony - are showing signs of faltering, reports Hiroko Tabuchi in Friday's New York Times.

How Government Officials Are Using Twitter for Hurricane Sandy

When Hurricane Irene roared up the East Coast in August 2011, Gov. Chris Christie of New Jersey delivered a strongly worded post on his Twitter account, @GovChrisChristie, telling people to “get the hell off the beach.” It worked. People left.

With Hurricane Sandy, Mr. Christie used Twitter and YouTube again, as did governors, mayors and emergency management officials from North Carolina to Massachusetts, cementing Twitter's role as an emergency broadcasting service. In the aftermath of this storm, as we report, Twitter and other social media tools are also proving vital to helping officials deliver important and timely updates.

More than 20 million tweets were sent about the storm between Saturday and Thursday, said Rachael Horwitz, a spokeswoman for Twitter. And that is probably a conservative estimate, she noted, because it reflects only those Twitter posts that included the terms “sandy,” “hurricane,” “#sandy” and “#hurricane.”

At 9 p.m. Monday, as floodwaters poured into New York City's low-lying areas and an explosion rocked a Con Edison substation, the number of Twitter users in the city who loaded their Twitter timeline from a mobile device peaked, more than doubling the number from the previous two days, Ms. Horwitz said.

Perhaps one reason is that top government officials and agencies had been delivering regular warnings and updates about the storm since late last week. They used Twitter, Facebook, YouTube and even Pinterest to get the word out before and after the storm..

The Bloomberg administration uses multiple Twitter accounts to post updates, including @NYCMayorsOffice, @MikeBloomberg and @NYCnotify.

Gov. Andrew M. Cuomo of New York, whose @NYGovCuomo is managed by a team of close aides, led by Liisa O'Neill, has been delivering hundreds of rapid-fire updates since late last week, becoming a must-follow for anyone looking for information about the recovery efforts. It is on this account that Twitter users learned when tunnels were closed, bridges opened, commuter rails were shutting down and then this post on Thursday that was welcome news, especially to Long Island commuters.

Subscribe to: Posts (Atom)