For Thursday, October 11th, 2012, I'm Kristen Folletti. A researcher by the name of Saraya Prakash is claiming the majority of phone numbers on Facebook are not safe. One day after the release of Firefox 16, Mozilla said it has temporarily removed the latest version of its browser because of a security flaw, and a teenage hacker who goes by the name of Pinkie Pie will receive $60,000 in prize money from Google for producing the first Chrome vulnerability. Joining us now to discuss the state of security is SiliconANGLE contributing editor, John Casaretto. Welcome, John.

Good morning.

A researcher named Saraya Prakash is claiming the majority of phone numbers on Facebook are not safe, and he provided a demonstration showing how he could collect phone numbers and their corresponding Facebook names with very little effort. Explain to us what Saraya was demonstrating, which he believes was a violation of user privacy.

Yeah, what he was able to do is string together a script that he could use to randomly select phone numbers and associate that with people's user names and other public information.

So why is this a security issue?

Well, it's more of a privacy issue than anything else. And it's an indication of some issues that Facebook has had before about public information and a bit of personal practice of limiting what information you make public on Facebook. And a lot of people are unaware of that, and I think that's really what he's trying to highlight here.

Saraya claims he was able to accomplish all of this information gathering without being blocked for a significant period of time because of a loophole in the Facebook mobile app. Can you explain that to us?

Yeah, apparently he discovered that there is far less restrictions on the mobile aspect on the mobile side of Facebook.
So eventually after some repeated attacks, or attacks, if you will, but exploiting and collecting of information, they did figure out how to block him or block his IP after a certain period of time. But it appears that it's a little less restrictive, probably because of the nature of mobility.

Saraya contacted Facebook to address the security issue and received a reply from Facebook's security spokesperson stating, when you hit a phone number, all you can do via contact importer is request someone to be your Facebook friend. So if that's true, then what are the security implications or the privacy implications here?

Well, you still have a user's name, that's for sure. I mean, it's kind of a reverse index of phone numbers that he's putting together along with names, probably not all that different from whitepages.com or anything else like that. But the fact that Facebook is on its way to a billion users, it's a little bit shocking, a little bit unnerving. And I think for people that are the privacy experts and concerned about privacy, I think it's a pretty big issue and we might see some continued talk about this, about how they're gonna fix this.

Saraya contacted Facebook several times about the issue to which Facebook finally replied with this statement, Facebook has developed an extensive system for preventing the malicious usage of our search functionality. And the scenario described by the researcher was indeed rate limited and eventually blocked. Do you believe Saraya is making something out of nothing or is Facebook turning a blind eye to a larger security issue here?

I think that Facebook, if you touch on the, on how we discovered this, I know that I've seen some, you know, discover your friends. You know, I think they see this as a functionality, the ability to add new friends by different means the same way you can add through an email.
They're trying to index off of any identifiable information to create new contacts and make it a little more enriching for you. So I think that perhaps he is making an issue out of it but we'll see what it is and how it ends up being taken from Facebook's perspective because it's a, you know, it's a significant issue and, you know, is it a feature or is it, you know, or something else? We'll see.

Just a day after the Firefox 16 release, Mozilla has removed the latest version, citing a security flaw. Such a quick removal suggests that this might be a serious issue. Can you explain to us what Mozilla believes is the vulnerability?

Well, apparently they have an indication that there's a significant security bug and what they're saying is that a malicious code, a site embedded, a code that is embedded in a site can basically figure out when people are using the browser, the new browser that they could figure out what URLs they've been to, what parameters that have been in there as well. So it's another thing where it could be exploited and but there has been no indication it's been exploited out there in the wild.

What are Mozilla's plans to resolve the issue? Is this a flaw in previous versions of Firefox as well?

No, it doesn't appear that it's a vulnerability that at least they haven't expanded the recall, if you will, of the bug to other versions of Firefox. What we do know is that it's been removed and they're working on patching it and releasing that because a lot of people have been anticipating this new release. So they're reacting pretty quickly to it and the fact it was only out for a day and they pulled it back, there's quite a bit of assurance that the security team does there and it seems like they caught this one just a little bit after the bell there but they'll patch this one up and roll it out and make it available again.

A teenage hacker received a $60,000 prize from Google for exposing a Chrome vulnerability.
Why does Google offer up these types of competitions for hackers?

Well, there's a lot of theories, maybe they're looking for talent. I think they like the idea of proving that their browser is the best. But for the most part, I think what we see is they put together these efforts to try to ensure that they're addressing to the community that, hey, we patch our systems, we patch our browsers quickly. So we're able to revise it, we can put out a fix really quick and other browsers like Microsoft's browser, Internet Explorer, or Mozilla who we just talked about, it takes them a lot longer, a couple of weeks to a month. So it's essentially controlling the zero-day aspect of your typical discovery of a flaw and putting together a response to it as quick as possible.

The largest cash prize was reserved for those who could find full Chrome exploits. Can you explain to us what that means?

Yeah, Chrome's browser, much like a number of the others is created, is built with this concept of a sandbox. So there are minor exploits where certain functionalities, user functionalities give the user a bunch of functions, but they're put into like a secure environment and what the hackers have been able to do in this case is string together a number of these things in order to fully exploit the browser. So that's basically how it's put together. So it's the sandbox concept.

Tell us about the vulnerability that hacker Pinkie Pie exposed.

Well, the vulnerability that was exposed basically it was able to do a little bit more than crash the machine. So it basically by stringing together some of the fences that were in there, the code that was embedded in Chrome was exploited through basically a script attack. So we're, I think that they keep those things pretty close to their vest. So again, they don't publish everything that's out there. So we'll know a little bit more as the days go on perhaps. So this guy Pinkie Pie, he's a 19-year-old hacker.
He keeps his identity pretty close to his vest and that's his anonymity. So that's a pretty interesting aspect is that he's actually sending in these vulnerabilities and these exploits and it's a pretty interesting thing.

And what does Google do with the information they gather from these types of events?

Again, they quickly patch these things together. And I think that obviously they let these stories get out that, hey, this thing was exploited. They kind of ran roughshod over these exploits, this inter-process communication channel, these things that come up to basically say, hey, we've got a handle on our browser. We've got a handle on patching this. It's secure and it's a good event.

Well, John, we appreciate your time today. Great talking with you.

Okay, thanks.

And remember, you can follow the news of the day and get the latest breaking analysis here at NewsDesk on SiliconANGLE TV.