Last week Mark Zuckerberg showed off the new Facebook Timeline during the company’s f8 keynote. Announced as a new way of presenting yourself on Facebook, the Timeline is an autobiography of your Facebook-shared life. But how Facebook is securing that life could surprise you.
While hacking is usually looked upon as a means to bring a company down, Facebook seems to be using it for good. They’re not just hiring hackers to work at the company, they’re asking hackers in the wild to find vulnerabilities — for cash. Last year Pedram Keyani, an engineering manager at Facebook, issued a challenge to his staff: crack Facebook security. The team was able to gain access to Keyani’s account by hacking his home Wi-Fi network. What they weren’t able to do was access Facebook’s corporate and administrative systems.
This probably wasn’t the first, or the last, time Facebook did this. Keyani regularly hosts hackathon events at Facebook and has stated that “Facebook is run by Hackers”. Considering Zuckerberg’s hacking past, it’s not that big of a surprise.
While Facebook has been guilty of allowing third-party apps to gather information from its users and the phishing/lifejacking scams on the site continue to have an impact on users’ individual accounts, the site itself has not been the victim of a system-wide security breach. In other words, while Sony and credit card companies are sending out emails warning their users that their accounts may have been hacked, Facebook has so far steered clear of this phenomenon.
Unsurprisingly, Facebook won’t talk about their security or give me access to their security team. They did issue the following statement: “Security is a top priority for us, and we invest lots of resources in protecting our site and the people who use it from attacks.”
Facebook states that they “hire the most qualified and highly-skilled engineers and security professionals at Facebook”, but that they are enlisting outside help. “With the recent launch of our Security Bug Bounty Program, we continue to work with the industry to identify and resolve legitimate threats to help us keep the site safe and secure for everyone.” Not only is Facebook hiring hackers, they are enlisting the help of white hat hackers.
The company is encouraging people to disclose Facebook security vulnerabilities in a responsible manner. If the disclosure is valid, a submission could land someone $US500, or more if the bug is significant enough. As of the end of August, Facebook was paying an average of $US1500 a day to white-hat hackers. Facebook’s chief security officer, Joe Sullivan, told The Telegraph, “The program has also been great because it has made our site more secure — by surfacing issues large and small, introducing us to novel attack vectors, and helping us improve lots of corners in our code.”
Of course, you’re only as good as your last security breach. If Facebook intends for the “story of our lives” to be easily accessible with Facebook Timeline, they’ll need to make sure their users continue to feel safe posting their information online. While a full frontal attack has yet to take Facebook down, it’s the tiny individual attacks on its users that are chipping away at the company’s credibility. Yesterday’s cookie tracking debacle hasn’t helped garner any trust, and phishing is still a problem. If they continue to lose their users’ trust, no amount of hacking will fix that.