8/14/2007
02:25 PM

Facebook Source Code Leak Raises Security Questions

Examining the leaked code reveals vulnerabilities in Facebook's applications that could be exploited, a developer said.

Facebook source code has been leaked on the Web, and that's raising some serious issues about the site's security and data privacy.

Source code from the social networking site's main index page appeared on a blog called Facebook Secrets recently and remained there Tuesday. The blog does not contain any other postings.

"A small fraction of the code that displays Facebook Web pages was exposed to a small number of users due to a single misconfigured Web server that was fixed immediately," a Facebook spokesperson said Tuesday. "It was not a security breach and did not compromise user data in any way."

Still, developer Nik Cubrilovic wrote in a TechCrunch blog posting that the leaked code could reveal vulnerabilities in Facebook's applications that could be exploited.

"From just this single page of source code, a lot can be said and extrapolated about the rest of the Facebook application and platform," he said. "At a quick glance, I know that I can see some obvious things in the code that both reveal certain hidden aspects of the platform and give a potential attacker a good head start."

He said Facebook would need to work quickly to "mitigate the risk to users," adding that hackers were already examining the code.

Public relations firm xyzPR said the leak raises other concerns about Facebook's overall security and data privacy.

"If the main source code for a site can be leaked, then it can be said that almost anything is possible," the PR firm reported through a press release on FastPitch. "Facebook has become such a success and has such a high profile that it has become a magnet for attacks against its systems."

Facebook disagreed and warned others not to publish or distribute the code.

"Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook," a Facebook spokesperson said. "The reprinting of this code violates several laws and we ask that people not distribute it further."
