A break-in of the Facebook Walled Garden

According to a late-breaking story on TechCrunch, a hole appeared in the wall that surrounds Facebook long enough for the code for the main Facebook index page to have been leaked.

From what Nik on TechCrunch says, the code has been published to a blog called Facebook Secrets, of which the leaked code is the only entry; this is taken to mean that the blog was created specifically for this purpose and that whoever is behind the leak and/or posting doesn’t want to be connected publicly to it.

While the article over at TechCrunch goes into a number of the ramifications of this leak, the big one for me is this: if this can happen, and given that Facebook is becoming a larger target every day, just how safe is all that data you are feeding to it?

UPDATE: In the spirit of journalistic integrity, it should be noted that very quickly after the post appeared on TechCrunch the Facebook patrol was out with the firehoses, with Brandee Barker telling the TechCrunch readership that it was due to a misconfiguration of a single server that was quickly fixed.

However, I liked Tony Hung’s response to a commenter on Deep Jive Interests who thought an update to Tony’s original post was required.

Could a server misconfiguration send out the whole source code in its entirety when you put in the Facebook URL?

11 Comments

  1. Aaron
    Posted August 11, 2007 at 11:13 pm | Permalink
    Facebook’s response: http://www.techcrunch.com/2007/08/11/facebook-source-code-leaked/#comment-1551812

    It was a temporary server misconfiguration, not a security breach, and didn’t compromise any user data.

  2. Posted August 11, 2007 at 11:18 pm | Permalink
    damn .. less than 2 minutes from post to response — I’m impressed :)
  3. Posted August 11, 2007 at 11:40 pm | Permalink
    Wow, Aaron — you move fast, man. ;)

    He was at DJI like 5 minutes ago.

  4. Posted August 11, 2007 at 11:46 pm | Permalink
    Tony;

    I was impressed :) .. BTW DJI is still not playing nice when I try to leave comments not sure why but keeps shuffling me off to the “need to approve” pile :)

  5. bill
    Posted August 11, 2007 at 11:49 pm | Permalink
    Looking like a hoax maybe…lots of comments around the net about how shoddy the coding is….would you think FB would run their index.php that way?
  6. Posted August 11, 2007 at 11:51 pm | Permalink
    Really? How odd — it’s neither in the moderation nor the SK2 spam queue.
  7. Posted August 11, 2007 at 11:56 pm | Permalink
    Bill:

    don’t think it’s a hoax … there will probably be a lot of FUD coming out of Facebook tomorrow and the following week but there are some interesting times for it ahead … read Tony’s piece over at DJI to give you an idea - http://www.deepjiveinterests.com/2007/08/12/facebook-hacked-by-an-inside-job/

  8. Posted August 11, 2007 at 11:58 pm | Permalink
    Tony:

    the actual post was about a week ago IIRC but being an old cranky fart I could be off by a day or two :) I can always let you know if it happens again and when.

  9. Posted August 12, 2007 at 12:02 am | Permalink
    Please do! I’ll start hunting … ;)
  10. Aaron
    Posted August 12, 2007 at 1:04 am | Permalink
    I’m the one who commented on DJI and I don’t understand the scrutiny. Is the implication that a mere misconfiguration couldn’t cause multiple page sources to be released? If so, a misconfiguration could cause the source for the *requested* page to be released, and if a user somehow hit the same server for multiple pages, he could gather the source for those pages.

    I haven’t seen any claim that the “entire Facebook source” was released. For one thing, the bug could only display the highest (presentational) tier of the codebase, which is the least important. For another, I’ve only heard reports of 3-4 source files being made public.

  11. Posted August 12, 2007 at 1:11 am | Permalink
    Aaron

    I realize you were the original commenter that Tony was replying to but thanks for clarifying.

    However I wasn’t trying to suggest anything against your posts either on DJI or here .. I just thought that Tony’s follow-up comment was a good one - that is all .. nothing more nothing less

One Trackback

  1. [...] TechCrunch posted an item regarding Facebook servers exposing raw PHP code, with blogosphere echo chamber making its rounds, telling a more negative story each time [...]
