Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Facebook Responded To Tunisian Hacks

Posted by Soulskill on from the occupying-the-town-of-zuckerberg dept.

jamie writes "Facebook's security team opens up, shedding light on a revolution that could become a parable for Internet activism. Quoting: 'After more than ten days of intensive investigation and study, Facebook's security team realized something very, very bad was going on. The country's Internet service providers were running a malicious piece of code that was recording users' login information when they went to sites like Facebook. By January 5, it was clear that an entire country's worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades. Sullivan and his team decided they needed a country-level solution — and fast. Though Sullivan said Facebook has encountered a wide variety of security problems and been involved in various political situations, they'd never seen anything like what was happening in Tunisia.'"

8 of 227 comments (clear)

  1. Require HTTPS for all connections... by Cryect · · Score: 5, Insightful

    Really is annoying that Facebook defaults to http

    1. Re:Require HTTPS for all connections... by Pojut · · Score: 4, Insightful

      I'd say baffling is more appropriate...as huge as the website is, and with as much personal information being slung around, you'd think they would make it ONLY https at this point...

      --
      Living With a Nerd
    2. Re:Require HTTPS for all connections... by Anonymous Coward · · Score: 4, Insightful

      you lose chat, you lose push notifications and profile editing.

      Awesome! HTTPS actually makes the application less annoying?!?!

  2. Kudos to facebook by operagost · · Score: 5, Insightful

    When Facebook does something right, they should be commended. They easily could have shrugged their shoulders and said, "Not our problem!"

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
  3. HTTPS by gambino21 · · Score: 5, Insightful

    Article Summary: They switched facebook to use https in Tunisia.

    I wish facebook would consider just switching all traffic to https.

  4. Pay Up by Anonymous Coward · · Score: 5, Insightful

    So Facebook's sales guy called the President of Tunisia and said "Dude, you have to pay for all that user data just like everyone else does. What makes you think you're special?"

  5. Re:Duh by Locke2005 · · Score: 4, Insightful

    A valid point -- end-to-end encryption in both directions is required. Meaning the calls to always use https actually make sense.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  6. Re:Https as commonly employed isn't enough by Mysteray · · Score: 4, Insightful

    In theory, only one end needs to authenticate the other.

    In practice, the website depends on the client to do a good job of this. So if you're running MS Windows, the Tunisan government can put a trusted root certificate in your computer with the endorsement of Microsoft. So even running https everywhere will not save Facebook from Microsoft.

    Try it yourself. If you have access to a Windows machine, visit http://bit.ly/eWYRbA in IE then check your personal cert store for Agence Nationale de Certification Electronique.

    If you think this is a big deal, retweet it or spread the word in other ways. I'm at a loss to explain why people aren't realizing the magnitude of this.

    Of course, what's even better is that it's a CODE SIGNING cert. ;-) Now that's what I call pwned!