Facebook sufferes security breach

BrianHonan

Looks liek Facebook are another of the recent victims in the media field to be breached. THis time it is a Java zero day on a mobile developer website visited by Facebook enigneers. Despite the laptops being fully patched and their anti-virus up to date the exploit was used to download previosuly unknown malware onto their laptops.

Facebook detected the attack by checking their DNS logs and noticing traffic to an unusual domain. They have since worked with law enforcement to shut the site down and inform other victims.

Even though they got breached its a good overview of how an effective layered defence can detect previously unknown attacks and how good logs can assist in this and in the forensic investigation.

Details on Facebook's site https://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766 and more details in an Ars Technica article http://arstechnica.com/security/2013/02/facebook-computers-compromised-by-zero-day-java-exploit/

syklops

The Chinese - a great bunch of lads!

MiamiMice

Any idea on the url of the mobile developer site? Would be useful to check firewall/web logs to see if it has been visited recently.

Khannie

syklops wrote: »

The Chinese - a great bunch of lads!

HAHA. The full extent of this became clear today with that damning report.

"Ah no. It definitely wasn't us. Sure we got hacked once."

900913

How we hacked Facebook with OAuth2 and Chrome bugs TL;DR We (me and @isciurus) chained several different bugs in Facebook, OAuth2 and Google Chrome to craft an interesting exploit. MalloryPage can obtain your signed_request, code and access token for any client_id you previously authorized on Facebook. The flow is quite complicated so let me explain the bugs we used.

http://homakov.blogspot.ie/2013/02/hacking-facebook-with-oauth2-and-chrome.html