Security News

Matrix-based communications and collaboration app Element has continued its mission to make bridges into the decentralised network a little more commercially acceptable with connectivity for Signal. Amandine Le Pape, co-founder of Element, had already given WhatsApp a jab with the privacy blade the last time we spoke and Element's CEO, Matthew Hodgson, joined the party during our chat about the Signal bridge.

As of Monday night, Facebook had crawled back from what may have been its longest blackout ever and apologized for the mass outage that left billions of users locked out of Facebook, Instagram, WhatsApp, Messenger and Oculus VR for about six hours. When it comes to gauging Facebook's worst blackout ever, accounts vary: CNBC reported that Monday's outage was the longest downtime that Facebook has experienced since 2008, when a bug knocked its site offline for about a day, affecting some 80 million users.

Facebook says that yesterday's worldwide outage was caused by faulty configuration changes made to its backbone routers that brought all its services to a halt. "Our engineering teams have learned that configuration changes on the backbone routers that coordinate network traffic between our data centers caused issues that interrupted this communication," said Santosh Janardhan, VP for Engineering and Infrastructure at Facebook.

Facebook - along with Instagram and WhatsApp - went down globally today. At approximately 11:39 a.m. ET today, someone at Facebook caused an update to be made to the company's Border Gateway Protocol records.

Facebook, Instagram, and WhatsApp are starting to come back online after a BGP routing issue caused an over five-hour worldwide outage. As explained by Giorgio Bonfiglio, a Principal TAM at Amazon AWS, various Facebook routing prefixes had suddenly disappeared from the Internet's BGP routing tables, effectively making it impossible to connect to any services hosted on their IP addresses.

As of Monday afternoon, Facebook had been flat on its face for hours, suffering a simultaneous worldwide outage not only on its main site, but also at its Instagram, WhatsApp, Messenger and Oculus VR subsidiaries. The New York Times reported that Facebook's internal communications platform, Workplace, was also dragged offline, "Leaving most employees unable to do their jobs." It's been a thumb-twiddling afternoon, the Times reported, with two Facebook employees comparing it to a "Snow day."

Users worldwide are reporting that they are unable to access Facebook, Instagram, and WhatsApp, instead seeing errors that the sites can't be reached. When attempting to open any of the three sites, they are given DNS PROBE FINISHED NXDOMAIN errors and advised to check if there is a typo in the domain entered in the address bar.

BBC R&D discovered it too didn't much like the way personal data was in the hands of the wrong people. You keep your personal data stored on an edge device you control.

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. In a nutshell, the utility allows developers to frame rules for different data flows to scan the codebase for in order to unearth potential issues - say, intent redirection flaws that could result in the leak of sensitive data or injection vulnerabilities that would allow adversaries to insert arbitrary code - explicitly setting boundaries as to where user-supplied data entering the app is allowed to come from and flow into such as a database, file, web view, or a log.

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications. "A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.