Successful Failure: Facebook Employees Challenged to Crack Security

Posted on July 07, 2010 by .

Share and Enjoy:
Follow Me on Pinterest More More

Facebook Security Challenge was a Successful Failure

Facebook Security Challenge was a Successful Failure


The guys at TechCrunch.com recently posted that employees challenged to crack facebook’s security succeeded in doing so. After all of the privacy concerns within Facebook lately, it is no wonder that their employees are in the process of making sure Facebook is up-to-par on the security front.

One of the engineers at Facebook responsible for site reliability, I didn’t know there was such a thing, recently challenged Facebook employees to try and compromise him and gain access to Facebook’s administrative system. They thought they could do this through information gathered from the engineer. After 2 weeks the employees were able to successfully able to hack into his home WiFi network and then monitor his internet activity allowing them to obtain passwords and one to his personal Facebook account.

Although in the end the employees were able to comprise his home WiFi and access his personal Facebook account, they were not able to hack into Facebook’s administrative or corporate systems. Bottom line is, Facebook is secure enough to the point that employees set-out to compromise administrative systems were not able to accomplish that specific task so they resorted to hacking the engineers home network to get a password thinking then they could get access. Even with the passwords in hand, the employees could not access any of Facebook’s admin or corporate portals.

What does this prove? According to the engineer who made up the challenge, it proves that Facebook’s security systems are effective enough to deny access to any administrative or corporate systems.

Facebook engineer Pedram Keyani, who setup this challenge, responded to Techcrunch in the comments with the following statement:

I’m the engineer who made the challenge and I want to clear up some
misunderstandings. First, we perform tests on the integrity and security of
our site all the time. Second, in this particular case, the challenge
demonstrated the effectiveness of Facebook’s security systems, not the
opposite, Despite months of work and hundreds of hours of effort by a team
of specialized security engineers, the team was NOT able to access
Facebook’s administrative or corporate systems. While they were able to
access my personal Facebook account, they were not able to use this
information to access any other account on Facebook. Finally, challenges
like this are a great way for us to apply our best thinking and skills to
identify risks to our systems. We think our efforts should give users
greater confidence in Facebook and its administrative systems, not less.

Does this make you feel any better about the information that you trust Facebook with?

Popularity: 11%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word