Facebook Java Hack Raises User Ire And Awareness

On Friday Feb. 15, Facebook announced that its internal network was briefly compromised a few weeks ago by a virus hidden in the laptops of a few employees and, despite assurances that user information was unaffected, the users did not react well.

The problem started when Facebook employees visited a website about mobile app design that had been infected by the virus, based on a "zero-day" Java exploit. Zero-day means that this discovery by Facebook was the first time anyone noticed the particular flaw in the Java platform that allowed this virus to work.

The employees, just by visiting the infected website, had their laptops infected as well, which is how the virus got into the company.

Facebook's internal security noticed suspicious activity, which led to one of the infected laptops, which led to the offending file and the exploit that allowed it, which allowed them to recognize any computer that had been infected.

They passed along word to Oracle, the company who owns Java, who put out a patch to plug the hole two weeks ago.

Facebook also contacted law enforcement, which has been conducting an investigation into the infection ever since.

Facebook still insists that the hack was merely internal and caught early, and that it had nothing to do with or any effect on the information with which millions of Facebook users entrust the company.

But according to the comments on the announcement, the users weren't necessarily buying it.

"And we're supposed to believe all this?" Kelly Nichol said.

"More reasons to stick to Google+ and drop Failbook," Courtney Blackburn said.

"STOP!" David Garaj said, "Hammer time!"

The announcement comes just two weeks after Twitter made a similar announcement, about its systems being compromised by a similar Java vulnerability.

While Facebook maintained that its users' data was safe, Twitter's attack allegedly resulted in the hacking of 250,000 user accounts.

Two Java hacks in one month have caused some to raise strong concerns about the use of that increasingly problematic language, including Microsoft Developer Eric Richards.

"It's time to give up on Java as a programming language / development platform," RIchards wrote in the comments of the Facebook announcement. "There's too much risk. Where there are bugs, there are more bugs. Same is true for security issues."

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics