John Leyden reports that Facebook has fixed a bug, but it took five months to do so:
Facebook had a busy time over the holiday period fixing several security flaws, including a webcam-related vulnerability that allowed hackers to record video from a user’s web camera and post it on their timeline.
“An attacker could trick a user to silently record his webcam video and publish it to his Facebook wall, without the user even knowing about it,” according to Aditya Gupta, the Indian security researcher who discovered the flaw. Gupta and fellow security researcher Subho Halder from XY Security earned a $2,500 reward from Facebook for discovering the Cross-Site Request Forgery (CSRF) bug, which stemmed from a failure to apply adequate security controls. Gupta notified Facebook about the “Peeping Tom” bug in July but the social networking giant only recently rolled out a fix.
Read more on The Register.