Hacker finds Facebook backdoor leaking usernames and passwords


The use of bounty programs to track down security vulnerabilities in websites and software is increasingly common these days, and it's a tactic employed by Facebook. One bounty hunter -- or penetration tester -- hacked his (or her… they are anonymous) way into the social network and made the shocking discovery that someone had already installed a backdoor.

Orange Tsai managed to compromise a Linux-based staff server and found there was already a piece of malware in place syphoning off usernames and passwords. These account details were being transmitted to a remote computer, and after revealing this to Facebook, Tsai pocketed $10,000 as a reward.

Facebook says that the malware was installed by a security researcher who was trying to earn themselves a bounty. Tsai, who works for Devcore in Taiwan, has provided a detailed write-up of what poking around Facebook servers revealed. Using a reverse lookup, Tsai discovered the existence of files.fb.com, which was running Accellion's Secure File Transfer service, which is known to suffer from certain vulnerabilities.

Using an SQL injection vulnerability, Tsai was able to execute remote code on the server and gain control of it. It was at this point that password-stealing PHP scripts were found to be present.

In a statement, Facebook security engineer Reginaldo Silva said:

    We're really glad Orange reported this to us. In this case, the software we were using is third party. As we don't have full control of it, we ran it isolated from the systems that host the data people share on Facebook. We do this precisely to have better security.

    We determined that the activity Orange detected was in fact from another researcher who participates in our bounty program. Neither of them were able to compromise other parts of our infrastructure, so the way we see it, it's a double win: two competent researchers assessed the system, one of them reported what he found to us and got a good bounty, none of them were able to escalate access.

Facebook stresses that no user information was compromised by the backdoor.

