Facebook down for "upgrades"; multiple blogs suggest site was hacked

Tuesday, July 31, 2007 

Popular social networking website Facebook went down for unknown upgrades, possibly to circumvent multiple holes that were published in a white paper earlier. From roughly 1:00 to 4:15 pm ET, users reported the site was down.

Blogs have speculated it may be simply a server upgrade, or it may be new features. One web development blogger has even raised the theory that the site was hacked, with the login box showing multiple random email addresses, through "<input>" coding. Another user replied to this posting, saying that they were even able to read the other, random user's inbox. Both a blogger who works at a computing company's office in Johannesburg, South Africa and a Norwegian news outlet reported similar troubles. Many blogs received comments from people with similar circumstances, worldwide.

A white paper by Adrienne Felt, posted on July 27, 2007, explained step-by-step how to use an exploit to hijack a user's account. The white paper was then partially censored by the author, until the vulnerability has been fixed by Facebook. Regardless of whether the change was prompted by this paper, both the XSS hole and problem with forms described by the author were fixed during the upgrade.

The site read "We're upgrading. We'll be back soon." with no further explanation.

This is the first known global outage for the site.

This comes as a rival site, ConnectU, has filed a lawsuit against Facebook founder Mark Zuckerberg for allegedly stealing the idea and the code. The hearing is scheduled for tomorrow.

Also on Wednesday, the Black Hat Briefings computer security conference begins. The conference unites people from "government agencies and global corporations with the underground's most respected hackers."