abducts news thread hijackhttp://www.blackhatacademy.org/security101/index.php?title=FacebookQuote
Overview
Over the years, facebook has been vulnerable to numerous web exploitation techniques, such as XSS, FQL injection (similar to SQL injection), application worms, and redirect protection bypass. Because they continue to attempt to write their own language implementations, they are repeatedly vulnerable. Security by obscurity doesn't work if they document their own markup language and query language for attackers.
http://slashdot.org/submission/1807962/facebook-malicious-link-protection-already-broken
Quote
mepholic writes "To be honest, this vulnerability is not anything that is actually new. Facebook was informed about it months ago (July 31, 2011 to be exact.) They really just started using WebSense to brush this vulnerability under the rug and make their users feel a bit more safe. Blackhat Academy released a Proof of Concept exploit on October 4th, the day after Facebook enlisted WebSense for link protection."