I’ve been following an interesting story about Facebook that’s been playing out over the past couple of days. The original, and best, coverage was on Techcrunch, where Nik Cubrilovic reported the exposure of Facebook’s source code for the application’s main index page. Facebook’s Brandee Barker responded to the report in the comments section, and didn’t do much to allay fears about Facebook’s security, not to mention their sophistication.
According to Barker, a misconfigured Apache server exposed the source code, not a hacker, which, Barker explains, means it’s not a security breach. Uh huh. She also says the code is essentially worthless since it doesn’t shed any light on the application’s structure. But then she quickly points out that this oh-so-meaningless code that is not in any way a security problem for Facebook is, however, protected property, and that publishing the leaked code is a “violation of several laws.”
Now I’m worried. Because while this particular issue is not the kind of security breach that threatens user data, it shows two very serious weaknesses in Facebook’s operations. First, it has weak development DNA. The code was unsophisticated, and the misconfiguration of the server is a bad sign for such a huge site. Second, their response to the problem is to deny it rather than to take it head-on. Facebook users are now on notice that protections for user data are likely unsophisticated, and users will be the last to know when a real problem exists. Not good news for Facebook or its users.
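The post doesn’t say what exactly was misconfigured, and the check below is an added example, not code from the post or from Facebook. It assumes the general mechanism behind this class of incident: when a web server has no handler mapped for a script (or for the backup copies editors leave beside it, such as index.php~ or index.php.bak), it serves the raw file instead of executing it. A PHP open tag in a response body is the tell-tale sign, since a working interpreter never lets one through. The hostname, paths and sample responses are constructed for illustration; the real fetcher is included so the same scanner can be pointed at a site you are authorised to test.

```python
"""Detect server-side source being served instead of executed.

Added example, not from the original post. The host, the path list and the
sample responses below are constructed; nothing here is Facebook data.
"""
import re
import urllib.request
from urllib.error import HTTPError, URLError

# A PHP open tag in a response body means the interpreter never ran the file.
# Caveat: a page that deliberately displays PHP code (a tutorial, a paste
# site) also matches, so confirm any hit by hand.
PHP_TAG = re.compile(r"<\?(php\b|=)", re.IGNORECASE)

# Backup/editor copies that no handler is mapped to, so the server sends them
# as plain files. Assumed list of common suffixes, not from the post.
BACKUP_SUFFIXES = ("~", ".bak", ".orig", ".old", ".save", ".txt")


def looks_like_php_source(path, status, content_type, body):
    """True if a 200 response for `path` appears to carry unexecuted PHP."""
    if status != 200:
        return False
    if PHP_TAG.search(body):
        return True
    # A .php path answered with a non-HTML type is the "handler not loaded"
    # symptom: Apache emits the raw file with whatever type it has for it.
    mime = content_type.split(";")[0].strip().lower()
    return path.lower().endswith(".php") and mime in (
        "text/plain", "application/x-httpd-php", "application/octet-stream")


def candidate_paths(path):
    """Yield the path itself plus the backup variants editors leave behind."""
    yield path
    for suffix in BACKUP_SUFFIXES:
        yield path + suffix
    head, _, name = path.rpartition("/")
    yield f"{head}/.{name}.swp"          # vim swap file beside the original


def http_fetch(url):
    """Real fetcher: returns (status, content_type, body) for a URL."""
    req = urllib.request.Request(
        url, headers={"User-Agent": "source-disclosure-check"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return (resp.status, resp.headers.get("Content-Type", ""),
                    resp.read().decode("utf-8", "replace"))
    except HTTPError as e:
        return e.code, "", ""
    except URLError:
        return 0, "", ""


def scan(base_url, paths, fetch=http_fetch):
    """Return the URLs whose responses look like exposed source."""
    findings = []
    for path in paths:
        for candidate in candidate_paths(path):
            url = base_url.rstrip("/") + candidate
            status, ctype, body = fetch(url)
            if looks_like_php_source(candidate, status, ctype, body):
                findings.append(url)
    return findings


# Constructed responses standing in for a misconfigured server (hypothetical
# host example.test). Note how little "worthless" source gives away: an
# include path and an internal database hostname.
SAMPLE_RESPONSES = {
    "http://example.test/index.php": (
        200, "text/html; charset=utf-8",
        "<html><body><h1>Welcome</h1></body></html>"),
    "http://example.test/index.php~": (
        200, "text/plain",
        "<?php\nrequire_once('lib/db.inc');\n$conn = db_connect('db-master');\n?>"),
    "http://example.test/admin.php": (
        200, "application/x-httpd-php", "<?php echo 'admin'; ?>"),
}


def fake_fetch(url):
    """Offline stand-in for http_fetch that answers from SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(url, (404, "", ""))


def demo():
    """Run the scanner against the constructed responses."""
    return scan("http://example.test", ["/index.php", "/admin.php"],
                fetch=fake_fetch)


if __name__ == "__main__":
    for url in demo():
        print("exposed source:", url)
```

Against the constructed responses the scanner flags index.php~ (a backup copy served as plain text) and admin.php (sent with the PHP MIME type because no handler ran it), while the properly rendered index.php passes. The fix on the server side is the mirror image: make sure the PHP handler is actually loaded for every virtual host, and deny access to backup and include files rather than relying on nobody guessing their names.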
The story has also led to some other, peripheral concerns about user data on social networking sites, as reported in The Register. Be careful about the personal data you put in your profile. When you’re just getting started, you may think your data is only going to be seen by “Friends”. But as you get more engaged, the criteria for who you admit as “Friends” may broaden far beyond your original intentions, and you may be exposing personal data to people you don’t know, people who may want to use that data for nefarious purposes.