Many of us have dozens, hundreds or even thousands of photos logged on Facebook. A nefarious bug on the website — that has since been mended — would have allowed hackers to arbitrarily delete them.
A blogger named Laxman Muthiyah discovered the issue. It all came down to a rather brief bit of code:
DELETE /(Victim’s_photo_album_id) HTTP/1.1
Host: graph.facebook.com
Just by inserting the photo album’s ID number, Muthiyah was able to delete Facebook pictures that did not belong to him. A person on the receiving end of this request would have no idea why her pictures were suddenly gone.
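A request like the one above succeeds when an endpoint authenticates the caller but never checks that the caller owns the object named in the path. The sketch below is an added illustration, not Facebook's code and not from Muthiyah's post: it puts a delete handler without that check beside one with it. The store, tokens, user names and function names are all hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Album:
    album_id: str
    owner_id: str


# Constructed sample data: two users, one album each.
ALBUMS = {
    "1001": Album("1001", "alice"),
    "2002": Album("2002", "bob"),
}
# Constructed bearer tokens mapped to the user they authenticate.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


def delete_album_unchecked(store, token, album_id):
    """Authenticates the caller but never asks who owns the album."""
    if token not in TOKENS:
        return 401
    if album_id not in store:
        return 404
    del store[album_id]
    return 200


def delete_album_checked(store, token, album_id, audit):
    """Same handler with an object-level authorization check and audit trail."""
    caller = TOKENS.get(token)
    if caller is None:
        return 401
    album = store.get(album_id)
    # Same status for "missing" and "not yours", so album IDs cannot be probed.
    if album is None or album.owner_id != caller:
        audit.append((caller, "DELETE", album_id, "denied"))
        return 404
    del store[album_id]
    audit.append((caller, "DELETE", album_id, "ok"))
    return 200


if __name__ == "__main__":
    audit = []
    weak, hardened = dict(ALBUMS), dict(ALBUMS)
    print(delete_album_unchecked(weak, "tok-bob", "1001"))
    print(delete_album_checked(hardened, "tok-bob", "1001", audit))
    print(audit)
```

The denied entries in the audit list are what a detection rule would key on: one caller repeatedly naming album IDs that belong to other accounts.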