8/14/2007
02:25 PM

Facebook Source Code Leak Raises Security Questions

Examining the leaked code reveals vulnerabilities in Facebook's applications that could be exploited, a developer said.

Facebook source code has been leaked on the Web, and that's raising some serious issues about the site's security and data privacy.

Source code from the social networking site's main index page appeared on a blog called Facebook Secrets recently and remained there Tuesday. The blog does not contain any other postings.

"A small fraction of the code that displays Facebook Web pages was exposed to a small number of users due to a single misconfigured Web server that was fixed immediately," a Facebook spokesperson said Tuesday. "It was not a security breach and did not compromise user data in any way."

Still, developer Nik Cubrilovic wrote in a TechCrunch blog posting that the leaked code could reveal vulnerabilities in Facebook's applications that could be exploited.

"From just this single page of source code, a lot can be said and extrapolated about the rest of the Facebook application and platform," he said. "At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start."

He said Facebook would need to work quickly to "mitigate the risk to users," adding that hackers were already examining the code.

Public relations firm xyzPR said the leak raises other concerns about Facebook's overall security and data privacy.

"If the main source code for a site can be leaked, then it can be said that almost anything is possible," the PR firm reported through a press release on FastPitch. "Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems."

Facebook disagreed and warned others not to publish or distribute the code.

"Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook," a Facebook spokesperson said. "The reprinting of this code violates several laws and we ask that people not distribute it further."
