
Nice work, very detailed. However, this is a hack of Accellion’s Secure File Transfer. How should Facebook, or anyone for that matter, protect themselves in these cases? I mean other than some obvious ones like not running as root, limiting file access, limiting network access to other servers...



Reason about the software as if it has already been compromised. Think about how user credentials and private keys the server touches can be used to attack other internal services, and try to limit the scope as much as possible.


Which is apparently exactly what Facebook does with this thing.


To be fair, it looks like they aren't purely using SSO, which is what provided the credential scraping attack vector that was used by someone else.


