Facebook closes security hole
Facebook has eliminated a bug in the social networking service's password reset functionality which could have been used to reveal the passwords of a small number of users who also use Hotmail. Serkan Gencel, a Turkish security researcher, told CNET that, where a user used their Hotmail email address for their Facebook account, it was possible for a third party to reset their password. No details of how the vulnerability worked were given.
Gencel informed Facebook of the vulnerability before taking the story to the media. According to CNET, Facebook has now confirmed the vulnerability and closed the hole quickly. In a statement, Facebook thanked the researcher for adopting a responsible disclosure policy and not placing the public at risk.
(djwm)