Cloud, Digital, SaaS, Enterprise 2.0, Enterprise Software, CIO, Social Media, Mobility, Trends, Markets, Thoughts, Technologies, Outsourcing


Contact Me:

Linkedin Facebook Twitter Google Profile


wwwThis Blog
Google Book Search



  • Creative Commons License
  • This page is powered by Blogger. Isn't yours?
Enter your email address below to subscribe to this Blog !

powered by Bloglet


Sunday, August 12, 2007

Facebook Source Code Leaked

Techcrunch breaks the news that some parts of facebook code appears to have been leaked. Facebook is the new darling of the web 2.0/ social network movement and is clearly a high profile player in the segment. Naturally, it has become a magnet for attacks against its systems. This is shocking to say the least. Nik Cubrilovicpoints to number of clear ramifications here. The first is that the code can be used by outsiders to better understand how the Facebook application works, for the purposes of finding further security holes or bugs that could be exploited. Since Facebook is a closed source application, without access to the code security holes are usually found through a process of black-box testing, whereby an external party will probe the application in an attempt to work out how the application behaves and to try and find potential race conditions. In closed source applications it is common that developers rely on the closed nature of the application to obfuscate poor design elements and the structure of the application. An attacker getting access to the source code more often than not leads to further security holes being discovered. The second implication with this leak is that the source code reveals a lot about the structure of the application, and the practices that Facebook developers follow. From just this single page of source code a lot can be said and extrapolated about the rest of the Facebook application and platform.
Brandee Barker of Facebook responds that some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
In the past giants like Microsoft , Cisco have suffered from source code leaks. Both of them rallied back quite well. I agree with Nik that this leak is not good news for Facebook, as it raises the question of how secure a Facebook users private data really is. If the main source code for a site can be leaked, then it can be said that almost anything is possible. Most large scale applications suffer a breach at some point or another, since the odds are always stacked in favor of attackers, but companies can respond in a number of ways and the hope here is that Facebook will handle this situation gracefully.

Labels: , ,

ThinkExist.com Quotes
Sadagopan's Weblog on Emerging Technologies, Trends,Thoughts, Ideas & Cyberworld
"All views expressed are my personal views are not related in any way to my employer"