|Cloud, SaaS, Enterprise 2.0, Enterprise Software, CIO, Social Media, Trends, Markets, Thoughts, Technologies, Outsourcing|
Linkedin Facebook Twitter Google Profile
Sunday, August 12, 2007
Techcrunch breaks the news that some parts of facebook code appears to have been leaked. Facebook is the new darling of the web 2.0/ social network movement and is clearly a high profile player in the segment. Naturally, it has become a magnet for attacks against its systems. This is shocking to say the least. Nik Cubrilovicpoints to number of clear ramifications here. The first is that the code can be used by outsiders to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. Since Facebook is a closed source application, without access to the code security holes are usually found through a process of black-box testing, whereby an external party will probe the application in an attempt to work out how the application behaves and to try and find potential race conditions. In closed source applications it is common that developers rely on the closed nature of the application to obfuscate poor design elements and the structure of the application. An attacker getting access to the source code more often than not leads to further security holes being discovered. The second implication with this leak is that the source code reveals a lot about the structure of the application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform.
|Sadagopan's Weblog on Emerging Technologies, Trends,Thoughts, Ideas & Cyberworld