Facebook Breaks Major Websites With Redirection Bug

johnsnails writes "Some of the biggest news sites in the world disappeared yesterday when Facebook took over the internet with a redirection bug. Visitors to sites such as The Washington Post, BuzzFeed, the Gawker network, NBC News and News.com.au were immediately transferred to a Facebook error page upon loading their intended site. It was fixed quickly, and Facebook provided this statement: 'For a short period of time, there was a bug that redirected people logging in with Facebook from third party sites to Facebook.com. The issue was quickly resolved, and Login with Facebook is now working as usual.'"

so...

[liamevo]

can we please stop relying on third parties for things *you* should be providing to your users.

Congrats

[Anonymous Coward]

If you let others insert scripts into your pages they can steal your visitors.

Maybe it'll make sites think about who they script src from.

I keep trying to use Facebook.

[hessian]

I've come to the conclusion that social networking is screwed up because the people who use it most are the people who are least invested in reality.

Every time I try to use Facebook, I get driven away by the behavior of its users. Not the Instagram dinner plate updates, or the personal drama, because I've already filtered out those people.

It's the sensitivity. People take anything seriously. I posted an article showing that divorce really screws up kids. I got back a half-dozen replies, all from people who'd had divorces, defending their own decisions. When I said that it wasn't personal, they said they still felt attacked.

There were other instances of similar behavior too. People hover around Facebook, looking for some reason to cause a scene. Why was this, I wondered.

It seems to me that if you have found something worth doing in life, you're mostly doing it. That doesn't mean your job. If your job sucks, you've probably got a project on the side. You're not going to devote your time to screwing around, which is what most people on Facebook do.

This means that social networking including Facebook selects out the people who have any direction in life, and leaves the resentful, bored, unemployed, disabled, upset, insane, teenage, etc. and concentrates them in large numbers. This is why so much of the response is crazy.

I should amend the post title. I used to keep trying to use Facebook (and MySpace, Digg, Reddit, Friendster, Pinterest, etc.). But now, I don't. These aren't places where healthy people hang out.

Re:Um... How?

[Anonymous Coward]

In short, "Web bugs", short bits of code that are included inline from another provider. Basically these sites had on their front page a "get shit from facebook" or some such badge displayed, that badge is not created by the site owner but is sourced inline from facebook, now if the thing they pull from facebook is broken and facebook presents a redirect to your browser in place of the web bug (badge, whatever) then your browser dutifully redirects.

If facebook were malicious they could commandeer half of the web.

Re:so...

[orthancstone]

On one hand, I'd prefer to see authentication in the hands of someone I consider more reliable (like Google) than someone programmer of questionable ability at (Insert Random Dying Newspaper here).

On the other hand, a hearty "HA HA!" does feel appropriate here. They do get what they are asking for by being so deeply tied to a third party.

Re:Um... How?

[Anonymous Coward]

The key is "client is directed to Facebook". Sites include 3rd party scripts all the time, blindly executing whatever gets sent back. If that includes a simple assignment to window.location, there's your redirect.

Re:It Has Its Ups and Downs

[Rockoon]

Indeed.

I think many people are in support of third party authentication semantics for non-critical sites..

Even though ultimately facebook is probably a bad choice for it, what else is so ubiquitous as to be a reasonable option that also doesnt suffer the same essential problems (certainly not a google account?)

Re:Congrats

[FireFury03]

If you let others insert scripts into your pages they can steal your visitors.

Maybe it'll make sites think about who they script src from.

One of the bad things I've noticed recently is that HSBC [hsbc.co.uk] is including objects from third party organisations in their ebanking login pages. I do wonder if any thought has gone into the security of such things, or if HSBC simply don't care (my experience of banks tells me that none of them have a single clue when it comes to internet security).

Re:It Has Its Ups and Downs

[DogDude]

from a large corporation standpoint, you can now get additional social data about your users from the facebook api (I know, this isn't necessarily an advantage for the end user and is best viewed as double edged).

For an individual, there's only one edge: a sharp one. Who in their right mind would want every company/web site to know all of the intimate details of what they're doing on every other web site? Isn't it obvious to people that by signing in with a Facebook ID to web sites, that not only does Facebook track everything done, but then sells that information to everybody else? That's how those extremely complete personal profiles are created about individuals in corporate databases that are then swapped and sold indefinitely. What benefit could this possibly have for individuals?

Re:It Has Its Ups and Downs

[DogDude]

Hey kid, I've got a bridge to sell ya'....

Re:I keep trying to use Facebook.

[roman_mir]

I should amend the post title. I used to keep trying to use Facebook (and MySpace, Digg, Reddit, Friendster, Pinterest, etc.). But now, I don't. These aren't places where healthy people hang out.

- yeah, but here, on /., we are the paragon, the shining beacon, the city on the hill, the perfect example of the healthy, both in the mind and in the body. /. - if you feel you are healthy.