Today we’ve got an All Facebook Edition of Quick Hits. Check it out, and, as always, share any interesting articles or news stories you find in the comments.

–

New Facebook/Yelp Security Vulnerability Discovered

In yesterday’s Quick Hits, we mentioned a security vulnerability in Facebook from the Yelp Personalization Program. While Facebook resolved that issue, another similar security hole popped up only a little while later. Last night, TechCrunch reported on this second security hole, explaining why it’s dangerous for users.

“Using this kind of XSS hole, it would be possible for a malicious ad served by an ad network in an iFrame to surreptitiously harvest data about any Facebook user who viewed the ad. The ad could conceivably customize itself to address the user by name or show their profile photo. Likewise, unauthorized third party sites could use such an exploit to identify its users not just by IP address, but by name, current city, etc.”

Since the second security hole was discovered, Facebook has limited the amount of information users can share through the Instant Personalization Program, but I’d be willing to bet this isn’t the last time we hear of a threat like this.

Facebook’s Eliot Schrage Responds to Criticism in New York Times Q&A

In an effort to address criticism about Facebook’s privacy problems (such as the multiple Yelp flaws I mentioned above), Eliot Schrage, Facebook’s Vice President for Public Policy, held an open Q&A with the New York Times where he answered questions from Facebook users. In general, users were angry over Facebook’s extensive changes, prompting Schrage to defend the company’s decisions while explaining that their intentions were good.

From Schrage: “My biggest concern reading these comments has been the incorrect perception that we don’t care about user privacy or that we’ll sacrifice user privacy in exchange for advertising. That’s just not true. We want to be trusted partners with our users in helping manage those tensions.” Check out his answers to see if you agree with him.

Larry Magid Weighs in on “Complicated” Facebook Privacy

Tech columnist and web safety expert Larry Magid has finally weighed in on what he thinks of Facebook’s recent privacy changes. In his San Jose Mercury News column, Magid comes to the conclusion that Facebook has “created a privacy regime that’s simply too complicated for many people to understand.” In one sentence, Magid essentially encapsulated the criticism from the New York Times Q&A. Time and time again, Facebook has shown that it would rather shoot first and ask questions later. For the most part this has worked out for the company, with many users complaining but few users leaving. As I explain in the next item, that might not be the case this time.

More Tech Leaders Leaving Facebook

According to ReadWriteWeb, a number of web industry leaders are quitting Facebook. What began with guys like Engadget founder Peter Rojas, has now spread to include famed video podcaster Leo Laporte and entrepreneur Mark Calacanis. One of the alternatives these tech industry notables suggest as an option for Facebook is a new open-source social networking website. The RWW article speculates what this open-source social networking website might look like.