Facebook lets source code slip

By

Misconfigured web server leaves site red-faced.

Facebook lets source code slip
A portion of the source code for social networking site Facebook was inadvertently made available recently because of an incorrectly configured web server hosting the code.

A copy of the code was posted on the Facebook Secrets blog which appears to have been created specifically to post the code.

"A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately," said Brandee Barker, a spokeswoman for Facebook.

"It was not a security breach and did not compromise user data in any way. Because the code only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook."

The leak comes just weeks after the site's founder had to defend himself against allegations that he stole the source code source from fellow university students.

The problem appeared when the page showed the un-interpreted source code for the main index page rather than returning the standard output.

The problem has been put down to a server misconfiguration, or a known bug in the Apache server which may occur when the server experiences high loads.

Despite Facebook's assertions that there are no security issues surrounding the leak, security experts have warned that access to the application source code is always useful to hackers looking to subvert or compromise a website.

"Anytime that source code is accidentally revealed, there is potential for an increase in risk," said Pete Lindstrom, a senior security analyst at Burton Group.

He added that when a company dismisses the security implications of such an incident, there are likely to be real security issues.

"There are enough folks out there trolling the websites who will be perfectly happy to try to identify vulnerable areas that could be exploited," said Lindstrom.

"If you release source code into the wild, you are going to have some level of increased risk associated with it. I cannot think of a case where you would not."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
codefacebookletssecurityslipsource

Sponsored Whitepapers

Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"
SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?