Wednesday, December 10, 2008

Facebook ignores huge security hole for four months

I've written about the dangers of the social websites for a while now. In general I don't think minors should be allowed on them - there are too many wackos out there and it's too easy to disclose personal information that one could use against you.

Now I found this article describing a current 'hole' in their security. Facebook has known about, but not responded to, a cross-site scripting (XSS) hole:
The cross-site scripting (XSS) error can be plainly demonstrated here and here. It allows a miscreant to trick a user into believing he is visiting Facebook when the vast majority of the content is being supplied by a website of the attacker's choice.
The danger is that a person can believe they are logged into Facebook while the scripts running on that page come from the hacker's website and collect information. Hmmm - not good!

Here is the original article:
Facebook ignores huge security hole for four months • The Register
