Wednesday, August 01, 2007

Facebook Cache Phreakiness

Robert Scoble, facebook obsessive that he is, blogs about facebook's recent problem with cache headers.

In a nutshell, and facebook's own words:

This was not the result of a security breach. Specifically, the bug caused some third party proxy servers to cache otherwise inaccessible content. The result was that an isolated group of users could see some pages that were not intended for them.
Perhaps not a security breach, but IMHO a worrying lapse in security and wake up call for facebook QA.
I saw other peoples' message inbox, including their messages' subjects and the short snippet. Not their whole messages, but it was bad enough.
What's worse is that because it was a proxy cache issue I saw cached content for other people who used the same proxy, more normally referred to in the human world as my colleagues, and not just for some random facebook strangers.



Labels:

Comments:

blog comments powered by Disqus

I know nothing, I'm not a fortune teller, and you'd be insane to think that I am. This disclaimer was cribbed from an email footer I once received. It is so ridiculous I had to have it for myself.

Statements in this blog that are not purely historical are forward-looking statements including, without limitation, statements regarding my expectations, objectives, anticipations, plans, hopes, beliefs, intentions or strategies regarding the future. Factors that could cause actual results to differ materially from the forward looking statements include risks and uncertainties such as any unforeseen event or any unforeseen system failures, and other risks. It is important to note that actual outcomes could differ materially from those in such forward-looking statements.

Danny Angus Copyright © 2006-2013 (OMG that's seven years of this nonsense)