A security leak in the mobile version of Yelp gave Web site visitors access to reviewers' personal information, according to social networking and Internet economics researchers.
The security bug came to the attention of Georgios Zervas, an affiliate at the Harvard Center for Research on Computation and Society and a fellow at Yale, while he was browsing m.yelp.com.
When a user's phone accesses a site such as Yelp, it normally receives information packaged in the JavaScript Object Notation (JSON) format and extracts certain fields to display. However, a coding flaw made other, non-displayed fields within the data easily accessible. As a result, Zervas was able to see a lot of data that is not normally accessible to site visitors.
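The class of flaw described above, a JSON payload carrying more fields than the page displays, is usually closed on the server by serializing through an allowlist. The sketch below is an added example, not Yelp's code: the schema, field names and sample record are all hypothetical and constructed for illustration.

```python
# Added example. All field names are hypothetical, not Yelp's real schema.
import json

# Allowlist of fields the mobile view renders. A nested dict describes a
# nested object; True marks a scalar leaf that may be sent to the client.
REVIEW_VIEW = {
    "rating": True,
    "text": True,
    "date": True,
    "author": {"display_name": True, "avatar_url": True},
}

# Constructed record as it might sit in the backend, private fields included.
RECORD = {
    "rating": 4, "text": "Great tacos.", "date": "2011-03-02",
    "author": {"display_name": "Sam T.", "avatar_url": "/a/1.png",
               "email": "sam@example.com", "birthdate": "1980-01-01"},
    "internal_id": 991,
}

def project(value, schema):
    """Copy value, keeping only fields named in schema."""
    if isinstance(value, list):
        return [project(item, schema) for item in value]
    if not isinstance(value, dict):
        return value  # scalar or None carries no hidden fields
    if schema is True:
        raise TypeError("object under a leaf; list its fields explicitly")
    return {k: project(value[k], sub) for k, sub in schema.items() if k in value}

def undisplayed_fields(value, schema, path=""):
    """Return dotted paths present in value but absent from schema."""
    if isinstance(value, list):
        return sorted({p for item in value
                       for p in undisplayed_fields(item, schema, path + "[]")})
    if not isinstance(value, dict):
        return []
    if schema is True:
        return [path]  # a whole object slipped through a leaf
    found = []
    for key, sub in value.items():
        child = f"{path}.{key}" if path else key
        if key not in schema:
            found.append(child)
        else:
            found += undisplayed_fields(sub, schema[key], child)
    return sorted(found)

def to_client_json(records):
    """Serialize records for the client after applying the allowlist."""
    return json.dumps(project(records, REVIEW_VIEW))
```

Running `undisplayed_fields` over captured API responses in a regression test flags any field that reaches the client without being part of the view.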
Zervas shared the information with Harvard University professor Michael D. Mitzenmacher and Boston University professor John W. Byers.
"They took it seriously," Mitzenmacher says of the popular business review site, which fixed the problem. "To me, it shows a positive university and business interaction that can come about from research and research projects--that that relationship can be friendly and non-adversarial when these sorts of things come up."
From Harvard Crimson