Tuesday December 2, 2008 4:21 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"I have been the recipient of Agent.JEN.Trojan through an email suggesting a UPS parcel (including..."
on Trojan disguised as UPS delivery note
by Vincent Laing | Nov 13, 2008 4:01 PM
Web

Facebook lets source code slip

  • Email a Friend
  • Print Page
Facebook lets source code slip
Related Articles
By Staff Writers
Aug 16, 2007 2:46 PM
Tags: Facebook | lets | source | code | slip
A portion of the source code for social networking site Facebook was inadvertently made available recently because of an incorrectly configured web server hosting the code.

A copy of the code was posted on the Facebook Secrets blog which appears to have been created specifically to post the code.

"A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately," said Brandee Barker, a spokeswoman for Facebook.

"It was not a security breach and did not compromise user data in any way. Because the code only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook."

The leak comes just weeks after the site's founder had to defend himself against allegations that he stole the source code source from fellow university students.

The problem appeared when the page showed the un-interpreted source code for the main index page rather than returning the standard output.

The problem has been put down to a server misconfiguration, or a known bug in the Apache server which may occur when the server experiences high loads.

Despite Facebook's assertions that there are no security issues surrounding the leak, security experts have warned that access to the application source code is always useful to hackers looking to subvert or compromise a website.

"Anytime that source code is accidentally revealed, there is potential for an increase in risk," said Pete Lindstrom, a senior security analyst at Burton Group.

He added that when a company dismisses the security implications of such an incident, there are likely to be real security issues.

"There are enough folks out there trolling the websites who will be perfectly happy to try to identify vulnerable areas that could be exploited," said Lindstrom.

"If you release source code into the wild, you are going to have some level of increased risk associated with it. I cannot think of a case where you would not."

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
code cybercrooks facebook file identity infection malware mobile payout profiles record rogue scam source spam tracked virus windows wins worm