More news about Apple and Facebook hacks


We know that some major websites were hacked this month and last month, and most of these hacks appear to be the work of the same group of hackers. There were hacks on company websites, social networks, newsgroups, military establishments, government sites, and more. Now the investigating team at Facebook, which is working hard to find out who infected the computers of Facebook employees, has come up with a possible lead.

Sources close to the investigating team say that iPhoneDevSDK is an iPhone development website that is often visited by mobile developers. Since Facebook also develops mobile apps, its programmers look for information on these topics online. They could have been routed to this website and then been hacked. This fits Apple’s case as well, for obvious reasons.

To back this up, the investigators have found malicious code inserted into the HTML of the iPhoneDevSDK website. Since a Java exploit was used in both Apple’s and Facebook’s cases, and since both cases are attributed to the same group of hackers, the two hacks are said to be connected. It is still not clear whether any Apple employees were infected through the iPhoneDevSDK hack.

Twitter, on the other hand, has not yet revealed how it got hacked. It has, however, advised its users to disable Java in their web browsers. It is sad to see that a technology once preferred by so many programmers is now one of the most insecure platforms.

Coming back to the hack: the iPhoneDevSDK website itself is not being accused of carrying out the attack; a Chinese group of hackers is said to be behind it. They are said to have used the “watering hole” method of hacking, in which a popular website is identified and infected with malware. When people visit this popular website, their computers get infected with the malware as well.

So it is better to keep the Java plugin disabled in your browser, as Mozilla does by default in Firefox.

Source: Electronista