Clicky

Facebook source code leaked

Posted by Joshua Karp on Aug 12, 2007 12:53 pm 8 comments
Filed in News

This is bad news for the Facebook team. Someone has managed to glean the source code for the site’s home page, and has posted his/her/their findings on a website, cleverly titled Facebook Secrets. This raises significant questions over the security of the site. Facebook is a closed-source system, meaning that the site code is not made readily available to the general public. As such, the individual(s) who managed to track this stuff down did some illicitly. A site like Facebook should, and no doubt does, have security measures in place to stop this sort of ting from occurring. They’ve obviously failed. A breach like this can render the application/site even less secure, exposing further vulnerabilities and weak spots. Let’s hope they manage patch this up before anything goes terribly wrong…

Read

8 comment(s) for this post.

  1. On Aug 12, 2007 @ 1:36 pm, JJ Said:

    That code doesn’t appear to be much more than the profile (or possibly the welcome) page a user would be presented with once they log in.

    I don’t know if seeing this code is a terrible threat. :-/

    Permalink | Reply

  2. On Aug 12, 2007 @ 3:03 pm, Blake Ross Said:

    Nobody gained access to Facebook; this was the result of a server misconfiguration on our part. See Facebook’s response:

    “Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.”

    Permalink | Reply

  3. On Aug 12, 2007 @ 3:12 pm, Jeff B. Said:

    Yea but it still got out.

    Permalink | Reply

  4. On Aug 12, 2007 @ 3:19 pm, Galvatron Said:

    Facebook go PWN3D

    Permalink | Reply

  5. On Aug 12, 2007 @ 6:19 pm, victor Said:

    Like JJ said the code seems like nothing major but you would still want to keep it secret. So it will be a big deal.

    Permalink | Reply

  6. On Aug 12, 2007 @ 7:14 pm, Sean Said:

    I’ve been getting suspicious instant messages from user ‘facebook’ from members of my buddy list who do have facebook, but it doesnt seem legit i could be wrong

    Permalink | Reply

  7. On Aug 13, 2007 @ 9:50 am, Mr.Hopkins Said:

    call me a noob or whatever. But I have a question…I’ve never used facebook but I know people who have and do. What exactly is at risk, or what damage can be done from someone knowing the source code? I can obviously figure that a lot of personal data is at risk, but what else?

    Permalink | Reply

  8. On Aug 13, 2007 @ 1:11 pm, JJ Said:

    Hopkins -

    With access to a products source code any individual (that has the skill) could find security vulnerabilities (assuming there are any). This puts individual users data such as Name, Age, Sex, Religion, Political views, as well as Credit Card and Mailing information at risk.

    Having access to this type of information could also put a companys hardware and network at risk of attack.

    Nonetheless, the material that was accidently published is nothing to be worried about. The material seems to present very little threat.

    Permalink | Reply

Leave a comment on this post.