To avoid the kind of embarrassment suffered by Google, Twitter and other IT giants, Facebook security engineers challenged a select few of their own engineers to hack into the account and gain admin privileges. They were free to run whatever tests they needed, wherever they needed to.
After a couple of weeks, the team of employees had, indeed, hacked into the admin's personal Facebook account. By hacking his home network with a rogue WiFi SSID, the team was able to get several of his usernames and passwords. It's impressive that they were able to hack into the account of a site engineer who not only knew it was coming, but arranged for its coming.
But as bad as that sounds, it really isn’t. Because while the employees-turned-hackers were able to get into Keyani’s personal account, they were not able to access the administration functions of the site, which was the real goal of the exercise. In the comments of TechCrunch’s story — which initially spun the hack as more of a straight-up success — Keyani responded. The response included this clarification:
I’m the engineer who made the challenge and I want to clear up some
misunderstandings. First, we perform tests on the integrity and security of
our site all the time. Second, in this particular case, the challenge
demonstrated the effectiveness of Facebook’s security systems, not the
opposite. Despite months of work and hundreds of hours of effort by a team
of specialized security engineers, the team was NOT able to access
Facebook’s administrative or corporate systems. While they were able to
access my personal Facebook account, they were not able to use this
information to access any other account on Facebook. Finally, challenges
like this are a great way for us to apply our best thinking and skills to
identify risks to our systems. We think our efforts should give users
greater confidence in Facebook and its administrative systems, not less.