SAN FRANCISCO, 5:00 AM, WED JUL 9 | 30 POSTS IN THE LAST 24 HOURS | tips@valleywag.com | RSS

Stanford undergrad accused of meddling with Facebook profile

A tipster has written in to name Facebook programmer Jordan Moncharmont as the employee who allegedly looked up a user's password, logged into her account, and changed her profile picture to a graphic image. The story goes that one of Moncharmont's friends put him up to the deed because the victim, some years ago, had rejected this friend's invitation to the prom. We have no evidence to back this accusation. Our tipster, however, writes that the victim is certain Moncharmont was the meddler. Why?

Because she hadn't seen his friend in years until running into him in the street a week before the profile incident. Also, she claims the content of faked messages sent out under her name strongly suggested his complicity. Hardly a smoking gun. Still, Moncharmont is only 20, making the belated high-school drama scenario plausible. Facebook spokeswoman Brandee Barker says the company investigates reports of profile abuse.

12:16 PM on Mon Oct 29 2007
By Nicholas Carlson

Comments

  • Kinda young to be employed by Facebook...
    But that's what you get when you hire kids...

  • sample032 at 12:50 PM on 10/29/07

    Dude, this is why she said "no." Girls can usually tell when guys are creeps.

  • I would think that the passwords would be the 32 byte encryption to prevent things like that. Typically the person(s) in charge can change the password, but cannot read it.

  • re: this piece, and the other one questioning the age of the perp--I know people ~18 who were working at Facebook last year, over the summer, right after prom. So... it's plausible, though the ones I'm thinking of wouldn't have the demeanor for this kind of nonsense.

  • "I would think that the passwords would be the 32 byte encryption to prevent things like that."

    32 bytes? wow, no wonder facebook login takes so damn long, they need a cluster of supercomputers just to handle the passwords!

  • sample032 at 02:49 PM on 10/29/07

    @bh, @funny: Wow. I'm not sure which one of you knows *less* about security and cryptography.

  • A few weeks ago I wrote a piece titled 'Why I Stopped Using Facebook' and got some background from someone close to the scene who told me that any employee at Facebook could impersonate users, read their private messages, etc. Based on this I'm not at all surprised to hear about this. What I'm surprised about is that Facebook hasn't done more to protect their users from their employees.

    Here is the story:
    [jobmatchbox.com]

  • I doubt any employee can look up a user's password and log in. That would mean facebook doesn't hash passwords, and we all know they're smarter than that.

  • A programmer wouldn't need to decrypt the database. They would only need to log the un-encrypted id/password traffic somewhere between the server's SSL layer and the database. It's a very simple task to write, install, and hide a logger if someone has access to the production servers. Well managed companies don't allow programmers access to actual user data, they isolate them within a test environment and the IT department manages the servers and databases. Facebook needs to wall off its coders from its users to avoid further security breaches.
