Facebook Source Code Leaked

Techcrunch breaks the news that some parts of facebook code appears to have been leaked. Facebook is the new darling of the web 2.0/ social network movement and is clearly a high profile player in the segment. Naturally, it has become a magnet for attacks against its systems. This is shocking to say the least. Nik Cubrilovicpoints to number of clear ramifications here. The first is that the code can be used by outsiders to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. Since Facebook is a closed source application, without access to the code security holes are usually found through a process of black-box testing, whereby an external party will probe the application in an attempt to work out how the application behaves and to try and find potential race conditions. In closed source applications it is common that developers rely on the closed nature of the application to obfuscate poor design elements and the structure of the application. An attacker getting access to the source code more often than not leads to further security holes being discovered. The second implication with this leak is that the source code reveals a lot about the structure of the application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform.
Brandee Barker of Facebook responds that some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
In the past giants like Microsoft , Cisco have suffered from source code leaks. Both of them rallied back quite well. I agree with Nik that this leak is not good news for Facebook, as it raises the question of how secure a Facebook users private data really is. If the main source code for a site can be leaked, then it can be said that almost anything is possible. Most large scale applications suffer a breach at some point or another, since the odds are always stacked in favor of attackers, but companies can respond in a number of ways and the hope here is that Facebook will handle this situation gracefully.

Labels: Emerging Trends, Facebook, Source Code Leaks