
Tuesday, August 14, 2007

Facebook Code Leak

Facebook, while performing maintenance on a web server over the weekend, apparently displayed code that generates its user interface. WHOOPS.

Facebook claims that the leaked code did not threaten its users' data, but security analysts argue that it very well may have.

The thinking is this: a well-versed hacker could look at the code and learn some of the inner workings of Facebook. That tidbit of knowledge, mixed with some SQL injection and fake Facebook pages on another web server, is a recipe for disaster.

Brandee Barker of Facebook made a statement:

A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.

As posted on TechCrunch:

It seems that the cause was Apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue). It is also apparent that other pages have been revealed, and that this problem has occurred before, but only now has somebody actually posted the code online.
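
A check a site owner could run against their own pages for the failure described in the TechCrunch note above, where the server returns PHP source instead of its output. This is an added example, not code from the original post, TechCrunch or Facebook; the URLs and response bodies are constructed samples, and the `application/x-httpd-php` MIME-type signal is an assumption about how a server without a working PHP handler labels the file.

```python
import re

# Raw PHP open tags. HTML-escaped tags (&lt;?php) in tutorials do not match,
# and neither does an XML declaration (<?xml ...).
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# Assumption: a server without a working PHP handler may label the file with
# the PHP MIME type instead of running it.
PHP_MIME_PREFIX = "application/x-httpd-php"


def check_response(content_type, body):
    """Return a list of reasons this response looks like un-interpreted PHP."""
    findings = []
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime.startswith(PHP_MIME_PREFIX):
        findings.append("php-mime-type")
    match = PHP_OPEN_TAG.search(body)
    if match:
        line_no = body.count("\n", 0, match.start()) + 1
        findings.append(f"php-open-tag at line {line_no}")
    return findings


def audit(responses):
    """Map each flagged URL to its findings; clean responses are omitted."""
    flagged = {}
    for url, content_type, body in responses:
        findings = check_response(content_type, body)
        if findings:
            flagged[url] = findings
    return flagged


# Constructed sample responses (not taken from the leak).
SAMPLES = [
    ("https://app.example/home.php", "text/html; charset=utf-8",
     "<html><body><h1>Welcome</h1></body></html>"),
    ("https://app.example/search.php", "text/html",
     "<html>\n<?php\n$q = $_GET['q'];\ninclude_once 'lib/render.php';\n?>\n</html>"),
    ("https://app.example/profile.php", "application/x-httpd-php",
     "<?php echo render_profile($user); ?>"),
    ("https://app.example/docs/howto.html", "text/html",
     "<pre>&lt;?php echo 'hello'; ?&gt;</pre>"),
    ("https://app.example/feed.xml", "application/xml",
     "<?xml version=\"1.0\"?><rss></rss>"),
]

if __name__ == "__main__":
    for url, findings in audit(SAMPLES).items():
        print(url, findings)
```

Run as a post-deploy smoke test or from a monitoring job, a non-empty result from `audit` means a page is shipping source and the server should be pulled from rotation before the handler configuration is investigated.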


So, I invite hackers to view the code at Facebook Secrets. This invitation is for educational purposes only, not to mention that if you find security holes, maybe you could charge Facebook to fix them.

Chris
