Facebook's source code revealed and leaked online

Troubled social networking site Facebook, has another problem to add to the list this morning.

Facebook has had to content with a recent court case in the States in which the site's founder Mark Zuckerburg, is accused of stealing the idea, code and concept behind Facebook.

Also problematic for the site was the recent rash of UK companies pulling their advertising from the website when their ads appeared against undesirable content.

The latest headache for the Facebook team is that some of the site's source code has been leaked on to the internet.

The leak, thought to be a server misconfiguration rather than a hack, has meant that Facebook, a closed source application, could now be open to future vulnerabilities.

The source code, for the main page of the site, was quickly published to "Facebook Secrets", a blog that seems to have been set up purely to distribute the code, which is still live now.

An official response from Facebook, on the site that broke the news, stated:

"A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately."

"It was not a security breach and did not compromise user data in any way. Because the code that was released only powers the Facebook user interface, it offers no useful insight into the inner workings of Facebook."

"The reprinting of this code violates several laws and we ask that people not distribute it further."

Although this has not resulted in a security breach, analysis of the code will help hackers find security flaws, which may mean future security issues for the site.

On the subject of site security, at the recent Defcon hackers conference, the security of social networking sites was on the agenda.

Rick Deacon, an American network administrator who discovered a major MySpace flaw stated to AP:

"Facebook and MySpace both patch things that they find, but it's like a sandbox", Deacon said.

"There's so much. And there are probably hundreds more cross-site scripting vulnerabilities there. There's no way they can find them all."



>