fabulousyarn - 6:32 pm on Jan 26, 2011 (gmt 0)
Well, actually, its a matter of what you consider criminal. And there are different levels of criminals... If this person can hack Zucks page, how vulnerable is everyone on facebook? I think its actually really important that zuck take this seriously, and it really shows how open the code is - and yes, if you are going to brag about security ( as facebook has been) you'd better be able to NOT let something like this happen, or face the opportunity when it does to take advantage of it, make lemons out of lemonade and figure out how to strenghten your code.
I think there is a distinct difference between hacking a facebook page, which may or may not require stealing inforamtion (I don't know, I"m not a hacker) and stealing my information money and using it somewhere - that's stealing and identity theft. If someone hacked my site and told me about it, I'd be pissed, but I'd also know that hey, I have to fix the damn site. IF they took my site down (as happenned) I would be pissed but hey, whose fault IS THAT - I need better site security, clearly, because if they can get in, then my customers are at risk - same as facebook info.
And some of the best IT places in the world use former hackers to expose security vulnerabilities - sometimes you have to go OUTSIDE to get INSIDE.