Hacker News
by 0xeeeeeeee 4338 days ago
I reported this issue a long time ago. Got the same messages back from Facebook as everyone else in the thread. I've reported other issues and always get the same thing back.

It sounds like Facebook Security gets a lot of pushback from the developers. Certain things like coffee shop attacks and a lot of other REAL ISSUES get no notice for a long time. It took up until last year to get a damn HSTS header.

I actually reported an issue today about a security practice they implemented completely incorrectly. I got a response back that it was not meant for any actual security.

In theory it's unacceptable, but in practice this is a big company with thousands of employees and a lot of moving parts. Small changes can be hard to make... which, to get back to my original point, is why Facebook seems to just ignore a lot of issues but keep the pipes open for the occasional big one.