Not even two weeks have passed since the users affected by the incident on Twitter's servers had to reflect on the security of the information systems of social network providers and, by extension, on the information they share through them, and today they have to reflect on the same thing again:
how secure is the social network I use?
This forced pause for reflection arises because today Facebook is notifying all its users that they have been victims of a security problem stemming (from my perspective, from an incorrect information security practice inside Facebook) from a visit to one of its app providers, where the laptops of the Facebook team were infected with a virus.
As a consequence of the infection, the vulnerability of having a 0-day attack was generated, which, as Facebook indicates, was fixed in time, and therefore the impact went no further.
What does this mean? That, unlike Twitter, Facebook's version indicates that there was no access to users' personal information.
With this panorama of computer security incidents so close together, the open question is: how safe do you feel sharing personal information, in many cases even business information, through your social networks?
Next, so as not to break the habit, here is the statement issued by the source of inspiration for this post:
Protecting People On Facebook
By Facebook Security
Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.
Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.
We have found no evidence that Facebook user data was compromised.
As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.
Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.
After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.
Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.
There are a few important points that people on Facebook should understand about this attack:
– Foremost, we have found no evidence that Facebook user data was compromised.
– We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.
We encourage people to submit any security vulnerabilities that attack our services to our Bug Bounty Program.
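The detection sequence the statement describes (a flagged domain in DNS logs, traced back to a laptop, followed by a company-wide search for the malicious file) can be sketched as below. This is an added example, not Facebook's tooling and not part of the quoted statement; the log format, the domain `flagged-domain.example`, the hash placeholder and the inventory are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (assumed log format; not incident data).
BAD_HASH = "PLACEHOLDER-MALICIOUS-FILE-HASH"
DNS_LOG = """\
2013-01-10T09:12:03Z client=10.0.4.17 query=cdn.flagged-domain.example type=A
2013-01-10T09:12:04Z client=10.0.4.17 query=www.example.org type=A
2013-01-11T14:30:55Z client=10.0.7.201 query=Flagged-Domain.example. type=A
2013-01-11T14:31:10Z client=10.0.9.8 query=notflagged-domain.example type=A
2013-01-12T08:01:00Z client=10.0.4.17 query=flagged-domain.example type=AAAA
malformed line without fields
"""
# Constructed endpoint inventory: host IP -> file hashes found on disk.
INVENTORY = {
    "10.0.4.17": {"hash-a", BAD_HASH},
    "10.0.7.201": {"hash-b"},
    "10.0.5.5": {BAD_HASH, "hash-c"},
}

def matches(query, flagged):
    """Label-aware match: the flagged domain itself or any subdomain of it."""
    q = query.lower().rstrip(".")
    return q == flagged or q.endswith("." + flagged)

def clients_for_domain(log_text, flagged):
    """Map each client that queried the flagged domain to first-seen time and count."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if "client" not in fields or "query" not in fields:
            continue  # malformed line
        if not matches(fields["query"], flagged):
            continue  # unrelated or merely similar-looking domain
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        rec = hits.setdefault(fields["client"], {"first_seen": ts, "count": 0})
        rec["first_seen"] = min(rec["first_seen"], ts)
        rec["count"] += 1
    return hits

def triage(log_text, flagged, inventory, bad_hash):
    """Correlate the DNS pivot with the company-wide file sweep."""
    dns_hosts = set(clients_for_domain(log_text, flagged))
    file_hosts = {h for h, hashes in inventory.items() if bad_hash in hashes}
    return {"confirmed": sorted(dns_hosts & file_hosts),   # both indicators
            "dns_only": sorted(dns_hosts - file_hosts),    # queried, file not found
            "file_only": sorted(file_hosts - dns_hosts)}   # file found, no DNS hit

if __name__ == "__main__":
    print(triage(DNS_LOG, "flagged-domain.example", INVENTORY, BAD_HASH))
```

Hosts in `file_only` are the reason for the company-wide sweep: they carry the file but never appear in the DNS logs for the flagged domain, so the DNS pivot alone would miss them.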