Stanford undergrad accused of meddling with Facebook profile - Valleywag Comments

Stanford undergrad accused of meddling with Facebook profile

DotNetGuy33 — Sun, 09 Dec 2007 09:51:59 PST

A programmer wouldn't need to decrypt the database. They would only need to log the un-encrypted id/password traffic somewhere between the server's SSL layer and the database. It's a very simple task to write, install, and hide a logger if someone has access to the production servers. Well managed companies don't allow programmers access to actual user data, they isolate them within a test environment and the IT department manages the servers and databases. Facebook needs to wall off its coders from its users to avoid further security breaches.

DotNetGuy33

Stanford undergrad accused of meddling with Facebook profile

joshlipitzin — Thu, 15 Nov 2007 21:36:56 PST

I doubt any employee can look up a user's password and log in. That would mean facebook doesn't hash passwords, and we all know they're smarter than that.

joshlipitzin

Stanford undergrad accused of meddling with Facebook profile

jobmatchbox — Tue, 30 Oct 2007 08:41:13 PDT

A few weeks ago I wrote a piece titled 'Why I Stopped Using Facebook' and got some background from someone close to the scene who told me that any employee at Facebook could impersonate users, read their private messages, etc. Based on this I'm not at all surprised to hear about this. What I'm surprised about is that Facebook hasn't done more to protect their users from their employees.

Here is the story:
[jobmatchbox.com]

jobmatchbox

Stanford undergrad accused of meddling with Facebook profile

sample032 — Mon, 29 Oct 2007 14:49:42 PDT

@bh, @funny: Wow. I'm not sure which one of you knows *less* about security and cryptography.

sample032

Stanford undergrad accused of meddling with Facebook profile

bh — Mon, 29 Oct 2007 13:55:18 PDT

"I would think that the passwords would be the 32 byte encryption to prevent things like that."

32 bytes? wow, no wonder facebook login takes so damn long, they need a cluster of supercomputers just to handle the passwords!

Stanford undergrad accused of meddling with Facebook profile

intaglio — Mon, 29 Oct 2007 13:10:31 PDT

re: this piece, and the other one questioning the age of the perp--I know people ~18 who were working at Facebook last year, over the summer, right after prom. So... it's plausible, though the ones I'm thinking of wouldn't have the demeanor for this kind of nonsense.

intaglio

Stanford undergrad accused of meddling with Facebook profile

funny — Mon, 29 Oct 2007 13:03:59 PDT

I would think that the passwords would be the 32 byte encryption to prevent things like that. Typically the person(s) in charge can change the password, but cannot read it.

funny

Stanford undergrad accused of meddling with Facebook profile

sample032 — Mon, 29 Oct 2007 12:50:18 PDT

Dude, this is why she said "no." Girls can usually tell when guys are creeps.

sample032

Stanford undergrad accused of meddling with Facebook profile

mandarin — Mon, 29 Oct 2007 12:39:08 PDT

Kinda young to be employed by Facebook...
But thats what you get when you hire kids...

mandarin