
Wow, that's a nice bounty for changing two parameters on the end of a URL.



The exploit is easy, but the implications are very dangerous. Such an exploit could have been automated to take down hundreds of photos before it was even detected.


Nope, the only thing this would've shown is that pictures aren't really deleted. Think about it. Facebook would do a rollback and all the pictures would be back. However, with a little bad luck on their part they'd mess up, which would lead to them restoring rightfully deleted pictures (many of them embarrassing). Would this have happened for sure? Probably not, but I strongly believe that this could have ended hilariously and frankly I am a little disappointed that the researcher was a white hat ;)


Rolling back is a last-ditch effort; it often causes more problems than it would cure. Sure, you'd get the pictures back, but everything done in the interim would be deleted. And if he were a black hat, we'd have never heard about this.


I can't imagine Facebook could roll anything back on their scale. Everything touches so many things, it would be a nightmare to get done.

I'd imagine they'd find the accounts that were responsible for deleting the pictures that weren't theirs (as this hack allowed to happen) and restore the pictures deleted by those accounts.



