Facebook Employees' Laptops Compromised; User Data Believed Safe
Trailrunner7 writes "Laptops belonging to several Facebook employees were compromised recently and infected with malware that the company said was installed through the use of a Java zero-day exploit that bypassed the software's sandbox. Facebook claims that no user data was affected by the attack and says that it has been working with law enforcement to investigate the attack, which also affected other unnamed companies. Facebook officials did not identify the specific kind of malware that the attackers installed on the compromised laptops, but said that the employees' machines were infected when they visited a mobile developer Web site that was hosting the Java exploit. When the employees visited the site, the exploit attacked a zero-day vulnerability in Java that was able to bypass the software's sandbox and enable the attackers to install malware. The company said it reported the vulnerability to Oracle, which then patched the Java bug on Feb. 1."
User data should never be decrypted. (Score:3, Interesting)
I don't see why it would be so difficult to keep user data safe. Keep it encrypted, use a VPN, stream the data to memory but never store any of it unencrypted.
"zero day" is as bad as l337 speak (Score:3, Interesting)
Can we all stop saying zero day? It's just an attempt to sound cool and hackish and it means nothing. It's a vulnerability, and it has an exploit and no patch is available, as opposed to unpatched.
If they release new software that they brag is secure, and you have an exploit that already compromises a vuln, ok, you have a zero day because that's day one of something. Then it makes sense. Otherwise, it's false street cred and bravado.