Facebook lets source code slip

By on
Facebook lets source code slip

Misconfigured web server leaves site red-faced.

A portion of the source code for social networking site Facebook was inadvertently made available recently because of an incorrectly configured web server hosting the code.

A copy of the code was posted on the Facebook Secrets blog which appears to have been created specifically to post the code.

"A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately," said Brandee Barker, a spokeswoman for Facebook.

"It was not a security breach and did not compromise user data in any way. Because the code only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook."

The leak comes just weeks after the site's founder had to defend himself against allegations that he stole the source code source from fellow university students.

The problem appeared when the page showed the un-interpreted source code for the main index page rather than returning the standard output.

The problem has been put down to a server misconfiguration, or a known bug in the Apache server which may occur when the server experiences high loads.

Despite Facebook's assertions that there are no security issues surrounding the leak, security experts have warned that access to the application source code is always useful to hackers looking to subvert or compromise a website.

"Anytime that source code is accidentally revealed, there is potential for an increase in risk," said Pete Lindstrom, a senior security analyst at Burton Group.

He added that when a company dismisses the security implications of such an incident, there are likely to be real security issues.

"There are enough folks out there trolling the websites who will be perfectly happy to try to identify vulnerable areas that could be exploited," said Lindstrom.

"If you release source code into the wild, you are going to have some level of increased risk associated with it. I cannot think of a case where you would not."
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
code facebook lets security slip source

Sponsored Whitepapers

The 5 steps to effective data protection
The 5 steps to effective data protection
Understanding the next security control points: applications and workloads
Understanding the next security control points: applications and workloads
Best security practices after rapid Digital Transformation
Best security practices after rapid Digital Transformation
The CISO View 2021 Survey: Zero Trust and Privileged Access
The CISO View 2021 Survey: Zero Trust and Privileged Access
How and why to backup your Office 365 tenant
How and why to backup your Office 365 tenant

Events

Most Read Articles

NSW Justice takes charge of massive government ERP consolidation

NSW Justice takes charge of massive government ERP consolidation
Nvidia preparing to walk away from Arm acquisition

Nvidia preparing to walk away from Arm acquisition
NBN Co sheds 1200 satellite customers since December

NBN Co sheds 1200 satellite customers since December
Accenture wins $163m deal for single NSW gov ERP system

Accenture wins $163m deal for single NSW gov ERP system

Digital Nation

Highlights 2021: Automation drives marketing success but complexity torments delivery
Highlights 2021: Automation drives marketing success but complexity torments delivery
Catastrophic governance failures are rooted in organisational culture
Catastrophic governance failures are rooted in organisational culture
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Case Study: Intrepid Group uses global travel shutdown to reimagine HR function
Fringe innovation unlocks power of diverse thinking
Fringe innovation unlocks power of diverse thinking
Case Study: Keeping CPA's board up to date about cybersecurity risks
Case Study: Keeping CPA's board up to date about cybersecurity risks

Log In

Email:
Password:
  |  Forgot your password?