A SENIOR SECURITY ENGINEER at the social notworking site Facebook who was responsible for site reliability engineering is probably regretting laying down a challenge to his mates.
According to TechCrunch, the unnamed employee was so proud of his security setup that he challenged his workmates to hack Facebook's administrative system via information obtained from his page.
It took only two weeks, but we assume they were not full time on it.
Apparently the way they did it was via his home WiFi network. They intercepted data from his home network after capturing his WPA password by luring him into logging into a rogue WiFi SSID that appeared to be his own router.
It is not that difficult to do, apparently. Once they got in, they sniffed his home network, monitored his Internet activity and obtained clear-text passwords.
These are all well-known attack vectors, so it is a little sad that the security engineer, who should have known it was coming, didn't work out a way of stopping it. It would have been a lot worse if the challenge had been open to every hacker on the world wide web. µ
How did he get the job at Facebook as senior security engineer, if he can't even secure his own networks?
Sounds to me like there are too many overhyped people out there bragging about their expertise, yet the world is a lot less safe than it used to be.
More likely, he uses the same password for several services, including his work account, and one of those services passed info in cleartext, such as POP3 or IMAP.
You're telling me he wasn't using proper encryption/VPN to administer Facebook? Somehow I can't believe it...
So maybe they hacked his home computer and installed a trojan/password logger there?
Sounds like some pretty lame infosec there.