Thursday, August 23, 2007

Facebook's code Leakage...




“None is safe. Repent of thine evil. The gates of heaven will be hacked next, and the blueprint to creation posted on the web.”


Isn’t that cute?

I got that from one of the comments on TechCrunch’s post on Facebook's source code leakage.

From all indications it appears that Facebook is not under any serious security threat. And the reason why we have this entire hubbub over the code spill is simply because it’s Facebook (that’s what happens when you are that big).

Apparently the leakage wasn’t due to flaws in FB’s code or to it being hacked, like I was initially made to believe, but to lapses on the part of their sysadmin. It was simply human error.

According to Brandee Barker of Facebook:
… Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way…


So you might want to say that there is nothing to fear, right?

Sure, there was no leakage of any sensitive user-centric data; nonetheless, this little incident will have put a scare into quite a number of people, causing them to ask questions about security: How safe are all these social networks? How safe is it to give out accurate information about oneself on social networks? How vulnerable to identity theft does one become by getting too deep into socializing via social networks?

There have been incidents of people having malicious experiences through contacts made on social networks. Statistics even show that online identity theft is on the increase, according to this article, that is.

So should we eschew social networks in their entirety? I think not! There are a whole lot of benefits that can be derived from them. I guess we just need to be a little more cautious about our interactions on social networks and the amount of information about ourselves we divulge.

As a developer, I guess one should pay more attention to security issues (one aspect that is often overlooked or relegated to an afterthought), and make sure applications pass through adequate development-stage testing before deployment on the production server.

Sure this might just be a trivial slip (which I think it is) but it was a costly slip.

But come to think of it, a couple of days back I wasn’t able to sign in to my new [beta] Yahoo Mail; I kept being served pieces of code instead… and the same thing happened again just yesterday. Am I the only one to have experienced this? And why don’t we have people hollering over that like they are doing with Facebook?
