The new "Groups" feature that Facebook rolled out yesterday allows users to slice and dice their friends into publicly-visible cliques, recognizing that users don't always want to share something with their entire friend list or just a single recipient. But Sophos security researcher Chet Wisniewski points in his blog to a gaping problem in that feature: Any user can add any of their friends to one of those groups without the friend's approval, generating a status update showing that the friend has been added to that group.
Blogger Michael Arrington seems to have already performed a helpful proof-of-concept by adding Mark Zuckerberg to a group supposedly representing NAMBLA, the North American Man-Boy Love Association. Zuckerberg's addition to the group is broadcast to all of his friends, as shown in the image above.
The article was about the flaw of the groups feature in FB, not that MZ joined NAMBLA on his own.
Yeah, but it would have been better if that guy joined him and other CEO's on some neo Nazi groups, then he could be the leader of a pedo-Nazi group. I bet that policy would end after a few phone calls. Heh heh.
view the rest of the comments →
kestrel9 ago
Misleading title
The article was about the flaw of the groups feature in FB, not that MZ joined NAMBLA on his own.
YogSoggoth ago
Yeah, but it would have been better if that guy joined him and other CEO's on some neo Nazi groups, then he could be the leader of a pedo-Nazi group. I bet that policy would end after a few phone calls. Heh heh.
kestrel9 ago
awesome