We had visitors this weekend. One of them told me about a security problem she’d had. Her boyfriend had correctly guessed the answers to the “security questions” on her Yahoo account, and had thus managed to gain access to her email. From there, he had managed to find out her Facebook password, and do all kinds of scary black hat stuff with her profile. This all happened while they were chatting on MSN, and the boyfriend told her he was going to do it, just as a demonstration, so it’s not quite as underhanded as it seems.

She’s a fully certified Normal Person, so I’m interested in how she described the incident: “Facebook can be hacked.”

I’m sure there’s an illuminating lesson in how regular users view security hierarchies here.