Finallllllllly Facebook Hacked
^^some facebook employees' laptops were infected when vising a mobile developer's site infected with a 0-day java exploit.obviously these employees when connected to facebook internal network the malware too got access to facebook internal network & which means it was hacked.there is no need to attack dedicated servers if you can sniff the information flowing through the internal network.this is how twitter network was affected & by the time network administrators realised(couple of minutes only) the malware had already sent the account info of ~250000 twitter accounts to a remote server.
^^not stupid but genius.do you really think a person who has acquired/create a 0-day exploit(which btw sells for ~$10000 per person in underground market) will use it on a pr0n/sh1t site?it's like saying a person who has a nuke using a donkey to carry it.hacker/hackers probably tracked those employees for a long time to figure out which site they usually visit & which is related to their work & then hacked the web server hosting that site(which is much easier for such guys) to infect that site with their 0-day exploit.
this attack was exciting because it used a 0-day java exploit to install a malware which slipped past latest antiviruses/firewalls.it just proves that there is no protection against a good 0-day exploit on a pc connected to net.also it does not happen to any site any time because the biggest advantage of 0-day is that no body knows about it until it hit someone & after that its value drops greatly.in facebook case as soon as this exploit was detected,facebook notified oracle & they are currently in the process of releasing a patched version of java to address this issue.
something like that.basically it means an exploit which takes advantage of some flaw in a software/OS which may or may not be known before.it doesn't mean that there was a paper published which said there is an exploit.it means in that software/OS paper there was a scenario describing an operation which can result in an error just like a random point in a 100 page performance report & someone actually managed to use that scenario to create an exploit which allows him to run any operation with admin rights on a pc running that software/OS.of course it is also possible that someone actually managed to figure out an exploit which even developers of that particular software/OS are not aware of.in both cases the person has an exploit which he knows can work but no body else knows so when that exploit is used for the 1st time it becomes a 0-day exploit because there was no previous record of such exploit in the cyber space.
P.S.btw the 0-day java exploit used in this facebook attack was based on a vulnerability already known to oracle & they were to release a patch on 19th feb to fix it but this facebook attack forced them to accelerate the patch release process.
Java CPU Feb 2013
P.S.btw the 0-day java exploit used in this facebook attack was based on a vulnerability already known to oracle & they were to release a patch on 19th feb to fix it but this facebook attack forced them to accelerate the patch release process.
Java CPU Feb 2013
Last edited:
Ankit Omar
Broken In
It's not fair enough to say that Facebook got hacked, that was just the attack on one of their employ's system and fortunate enough they have figured out the entire situation so quickly and adopted the required steps in order to protect their data and users around the world. Later Facebook even asked FBI to investigate the hacker and their motives behind and this case is still under FBI investigation results yet to be announced.