Facebook Source Code Leaked!

Posted by Nick O'Neill on August 12th, 2007 4:48 AM

Last night I returned from Barcamp Washington, DC to see a post on Techcrunch about how the source code of Facebook has been leaked. Wow! After the posting, Nik Cubrilovic received an official response from Facebook as follows:

Facebook have sent us an official response (and Brandee Barker from Facebook has left a comment below): “Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.”. It seems that the cause was Apache and mod_php sending back un-interpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue). It is also apparent that other pages have been revealed, and that this problem has occurred before, but only now has somebody actually posted the code online.

Are you kidding me? Facebook is claiming that the posting of the source code posted on http://facebooksecrets.blogspot.com/ is a violation of the law and should not be redistributed or reprinted. I agree! My privacy has been officially violated. One interesting thing that I have seen in the source code is the existence of a “Monitization Box.” I’m not quite sure what this box is but it is interesting to see that. Additionally, Facebook uses a templating system. This is something that I always suggest with any development application to remove the back-end from the front-end development side of things. You can change the template on the fly without the recreation of any back-end code.

I have a feeling that the site that I have listed above will be shut down within the next 48 hours. This is a massive security breach for Facebook and one which should not have occurred. There are millions of users that trust Facebook to handle their information securely and this is something that should not have happened. I don’t know of any “technical issue” which would have created this but Nik Cubrilovic has posted information that shows developers how to prevent their source code from leaking.

I would have expected a company like Facebook to have already addressed this issue but apparently they are behind the curve. First step: make sure this is prevented from ever happening again. Second: take down the site with the source code. It appears as though Facebook has protected against any security breach as a result of the posted source code. I have explored the code and checked paths to confirm this. One thing is for sure: their code is tidy. The other thing? DO NOT LEAK YOUR CODE!
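
For anyone who wants to check their own site for the failure described in the Techcrunch quote (PHP sent back as text instead of being executed), here is a small check, added as an example and not taken from Facebook, Techcrunch or the original post. The function names, paths and sample response bodies are all made up for illustration; in practice you would feed it the bodies your own monitoring fetches.

```python
import re

# Tags that mod_php consumes server-side; seeing one in a response body means
# the script was sent back as text instead of being executed.
PHP_OPEN = re.compile(r"<\?(?:php\b|=)", re.IGNORECASE)
# Short open tag followed by PHP-looking code. "<?xml" prologs are excluded.
PHP_SHORT = re.compile(
    r"<\?(?!xml\b)\s*(?:\$\w+|(?:echo|include|require|function|class|if)\b)",
    re.IGNORECASE,
)

def leaked_php(body):
    """Return (line number, text) for each line holding uninterpreted PHP."""
    hits = []
    for number, line in enumerate(body.splitlines(), start=1):
        if PHP_OPEN.search(line) or PHP_SHORT.search(line):
            hits.append((number, line.strip()))
    return hits

def audit(responses):
    """Map each path to its leaked lines, omitting paths that look clean."""
    report = {}
    for path, body in responses.items():
        hits = leaked_php(body)
        if hits:
            report[path] = hits
    return report

# Constructed sample bodies (not taken from any real site).
SAMPLES = {
    "/index.php": "<html><body><h1>Welcome</h1></body></html>",
    "/feed.php": '<?xml version="1.0"?>\n<rss version="2.0"></rss>',
    "/howto.html": "<pre>&lt;?php echo 1; ?&gt;</pre>",
    "/search.php": "<?php\ninclude_once 'lib/search.php';\n$r = search($q);\n?>\n<html>",
    "/profile.php": "<html>\n<p><? echo $name ?></p>\n</html>",
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLES).items():
        for number, text in hits:
            print(f"{path}:{number}: uninterpreted PHP: {text}")
```

The XML feed and the page that shows HTML-escaped PHP are left alone; only the two bodies containing a live open tag are reported.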

Posted in News

4 Responses to “Facebook Source Code Leaked!”

  1. Smart Mobs » Blog Archive » Facebook Source Code Inadvertently Leaked Says:

    […] on Allfacebook These icons link to social bookmarking sites where readers can share and discover new web […]

  2. Bob Says:

    Nick,

    I hope the after party at BarCamp DC was fun. The last time we all got together at Cafe Asia good conversations happened and I wish that I could have been there this time too.

    Regarding Facebook, Arrington and his guy Nik only have the latest and most obvious problem. I mentioned another vulnerability to Facebook last week and provided more details about it this morning here:

    http://jobmatchbox.com/2007/08/12/social-network-security-update/

    Bob
    Jobmatchbox.com

  3. Somewhat Frank Says:

    Facebook Source Code Leak, Porn 2.0, Spock Launches, Personalize Jib Jab, Change of myAOL Heart …

    Photo of the Week: A couple of Maine Lobstahs! from a myAOL East Coast team surf turf event I attended on Friday. It doesn’t get a whole lot more summer than that this. Somewhat Frank Weekly Tidbits: 08.12.2007 Change of…

  4. FacebookSecrets Shut Down - The Unofficial Facebook Blog Says:

    […] legal team once the individual who leaked the source code failed to shut down the site. Sunday, I guessed that it would take 48 […]
