Facebook founder Mark Zuckerberg: sleepless nights?
A misconfigured server caused part of Facebook's source code to be revealed, it was announced on Saturday. Instead of processing the PHP code on which Facebook is built, the misconfigured server sent it back as raw text to a user, revealing the code of that page.
“A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately,” said Facebook in an official response to a TechCrunch story.
“It was not a security breach and did not compromise user data in any way […] the code offers no useful insight into the inner workings of Facebook”.
The code was posted on a blog called ‘Facebook Secrets’ and several bloggers mentioned the gaffe. Facebook lawyers were quick to have all portions of the leaked code taken down from the sites and blogs which reproduced it.
“The posting of these materials infringes the copyrights of Facebook, Inc., and we request that you immediately remove the materials from your site” reads a Cease and Desist email from the Facebook legal department sent to bloggers.
Although embarrassing, the leak is harmless to Facebook, as vital parts such as user data, passwords and logins were kept safe. For programmers, however, it is eye-candy, as it gives them a look at how a major web application functions.
“As a programmer I did enjoy the chance to see how some people approached making a social site like that from a logic standpoint. Good read!” a comment on the ‘Facebook Secrets’ blog post reads.
A properly configured server will parse the PHP code and output the web page; however, if a configuration error occurs, the code can be revealed.
“It is possible to configure the PHP module of an Apache server to show certain page/code blocks as normal text; this is often done for tutorial sites where instead of parsing the PHP it simply shows it to the end user,” explained a developer to Digital Media Europe. “They should be really happy nothing sensitive got exposed”.
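A monitoring check for the failure described above, as an added example that is not part of the original article: it classifies an HTTP response as unparsed PHP, as deliberately displayed (HTML-escaped) source, or as normal output. The function names, patterns and sample responses are constructed for illustration.

```python
import re

# Raw PHP open tags: "<?php", "<?=" or a bare short tag "<?" plus whitespace.
# "<?xml" is a legitimate XML declaration and must not match.
RAW_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)
# The same tags HTML-escaped, as seen when a server displays source as text.
ESCAPED_TAG = re.compile(r"&lt;\?(?:php\b|=)", re.IGNORECASE)
# Constructs that should not survive into output once the PHP has executed.
PHP_HINTS = re.compile(
    r"\$[A-Za-z_]\w*\s*(?:=|->|\[)"
    r"|\b(?:require|include)(?:_once)?\b"
    r"|\bfunction\s+\w+\s*\("
)

def classify(content_type, body):
    """Return 'raw-source', 'displayed-source' or 'ok' for one response."""
    ctype = content_type.split(";")[0].strip().lower()
    hinted = bool(PHP_HINTS.search(body))
    # Unparsed files may arrive with any content type, so it is not checked here.
    if RAW_TAG.search(body) and hinted:
        return "raw-source"
    if ctype == "text/html" and ESCAPED_TAG.search(body) and hinted:
        return "displayed-source"
    return "ok"

def scan(samples):
    """Return {path: verdict} for every response that is not 'ok'."""
    findings = {}
    for path, (content_type, body) in samples.items():
        verdict = classify(content_type, body)
        if verdict != "ok":
            findings[path] = verdict
    return findings

# Constructed sample responses (path -> (Content-Type, body)); not real data.
SAMPLES = {
    "/index.php": ("text/plain",
                   "<?php\nrequire_once 'lib/session.php';\n$user = load($id);\n"),
    "/home.php": ("text/html; charset=utf-8",
                  "<html><body><h1>Welcome</h1></body></html>"),
    "/feed.php": ("application/xml",
                  "<?xml version=\"1.0\"?>\n<rss><channel/></rss>"),
    "/demo.phps": ("text/html",
                   "<code>&lt;?php<br />include 'config.php';<br />echo $title;</code>"),
}

if __name__ == "__main__":
    for path, verdict in scan(SAMPLES).items():
        print(f"{path}: {verdict}")
```

Pages that intentionally show PHP source, such as tutorial sites, will be reported as displayed-source and need an allowlist.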
What is more damaging for Facebook is that the leak will fuel the debate over how secure the data stored on Facebook accounts is. With the growing success of social networking sites and Facebook, privacy issues for millions of users are at stake.
In a recent Times story, it was pointed out that out of its 34m user base, several are exposing themselves to identity theft. Research conducted by Sophos, a leading IT security company, showed that two in five Facebook users are giving away sensitive details including date of birth, phone number and workplace.
To achieve this Sophos created a fake Facebook account named Freddi and sent requests to be added as a Facebook friend to several users.
“In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts. Many users also disclosed the names of their spouses or partners, several included their resumés, while one user even divulged his mother’s maiden name - information often requested by web-sites in order to retrieve account details. He now has enough information to create phishing e-mails or malware [malicious software] targeted at individual users or businesses, to guess users’ passwords, and impersonate or even stalk them,” said Graham Cluley, senior technology consultant in the Times.
http://technology.timesonline.co.uk/tol/news/tech_and_web/the_web/article2253720.ece
http://www.techcrunch.com/2007/08/11/facebook-source-code-leaked