[kictanet] Facebook Security Breach

Harry Delano harry26001 at gmail.com
Sat Sep 29 16:46:00 EAT 2018


Hey Ebele,

I suppose I simply followed your cue, specifically here: "We continue to
investigate and learn more, but please do let me know any specific questions",
prior to fully interacting with the security page information updates.
It's got some of the info I needed to know.

But I have a couple of questions below, feel free to escalate as you had
suggested. We are all learning/helping each other get better as a tech
community;

- How much rigorous source code security vulnerability tests, was the
'upload video' feature that supposedly triggered "user access tokens"
stolen by "3rd" parties as indicated by Pedro in your security update,
subjected to before it went live..?
- Beyond the routine in-house system analysis/audits/testing that probably
missed this vulnerability, was this feature subjected to bug bounty hunting
(external audit resources)...? Was it given a "clean bill of health"..?

Thanks
Harry




On Sat, Sep 29, 2018 at 1:12 PM Ebele Okobi <ebeleokobi at fb.com> wrote:

> Hi!
> Are you asking for a representation of the specific line or lines of code,
> of the multiple millions of lines of code that make up FB code base? If so,
> I don’t have that, and it’s not the kind of information any company has
> ever released after a breach. But do correct me if I’m wrong? I’m also not
> sure how helpful that would be, but grateful for insight there.
>
> That said-Facebook knows that our platform is one of the most attractive
> platforms in the known world for virtually every bad actor in the world. So
> we have multiple teams constantly assessing vulnerabilities, running
> scenarios, doing everything possible to harden us as a target. And to the
> second question, the teams have to try to anticipate and foresee any and
> every possible risk.
>
> Ebele Okobi | Public Policy Director, Africa
>
>
>
> On Sep 29, 2018, at 9:50 AM, Harry Delano <harry26001 at gmail.com> wrote:
>
> Hey Ebele,
>
> What specific code that was breached had the vulnerability on the
> platform, and just how difficult was this breach to be foreseen and
> forestalled..?
>
> Harry
>
>
>
> On Sat, Sep 29, 2018, 10:36 Ebele Okobi via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> Hello, All-
>>
>> Just making sure you have all seen this. We continue to investigate and
>> learn more, but please do let me know any specific questions. I may not yet
>> know the answers, but it would be very helpful for me to escalate.
>>
>> https://newsroom.fb.com/news/2018/09/security-update/
>>
>> Ebele Okobi | Public Policy Director, Africa
>>
>>
>>
>>