How could they not know?
I cannot understate the shock I experienced to learn that Facebook didn’t know about this problem for so long. To me, this indicates a clear absence of checks, balances, and audits that would’ve made such an occurrence obvious to anybody looking for it. Facebook claims to have discovered this in January of this year in a “routine security review” – which begs the question, how many such “routine” reviews have occurred since 2012 (the earliest instance of the problem according to Krebs’ senior Facebook source), and why didn’t they uncover this grievous error?
Process Issues Are Requisite for This to Happen
As some of you are aware, I developed the IntelliGO Platform, so I know a thing or two about software development. The burning question for me is, how do developers have access to production data at all, let alone passwords, in the first place?
The fact that this was able to be written
*** This is a Security Bloggers Network syndicated blog from IntelliGO MDR Blog authored by Adam Mansour. Read the original post at: https://www.intelligonetworks.com/blog/facebook-password-debacle