Potentially Serious Facebook Threat First Denied then Secured [TECH]
Facebook is pleased to announce that it has successfully sealed off the very same security breach it simultaneously maintains never existed in the first place. According to Jeremy Kirk of IDG News Service, the security threat that users of the popular social-networking site were being exposed to up until recently was uncovered in its messaging service.
Facebook had initially denied the existence of any such security issue despite the fact that the same vulnerability had already been exploited multiple times to successfully gain access to sensitive information belonging to a number of other organizations. RSA which specializes in, of all things, network security authentication technology is one such company who claims to have been victimized.
Nathan Power, an employee of mega-sized, technologies service provider, CDW, announced the news in a recent blog update at securitypentest.com. Nathan may wish to consider updating his resume this time and perhaps taking a class in basic security protocol.
Lesson I: Do not post proprietorially sensitive material on your blog site.
In any case, the security issue in question made it possible for Facebook members to send “executable,” or “program” files containing malicious software to other members via Facebook's popular messaging feature. These messages could apparently be sent out whether the sender was in the recipient's friends list or not. Such files are often used to carry viruses, worms, and other forms of malicious programs which, once installed and opened, can then infect the recipient's system.
Meanwhile Facebook's media relations department continues to deny the problem ever existed. However, RSA , and a number of others, including at least one defense contractor, just might beg to differ.
And while it may be perfectly reasonable to suggest that both Facebook, and RSA might have a mutually vested interest in keeping this sort of information out of the public domain, only the most cynical and paranoid among us would accuse them of actually doing so.