Yet Another Facebook Vulnerability Found

Another Facebook vulnerability has been found that could have exposed information about users and their friends.

The security company Imperva has released new details on a Facebook vulnerability that could have exposed user data. The bug allowed websites to obtain private information about Facebook users and their friends through unauthorized access to a company API, playing off a specific behavior in the Chrome browser. The bug was disclosed to Facebook and resolved in May.

At this point Facebook is a giant dumpster fire. Get out while you still can.

Google Traffic Was Hijacked, Routed Through Russia, China

In another BGP hijack, Google traffic was rerouted yesterday through Russia and China. This included Google Cloud, YouTube, and other services.

Specifically, network connectivity to Google was instead routed through TransTelekom in Russia (mskn17ra-lo1.transtelecom.net), and into a China Telecom gateway (ChinaTelecom-gw.transtelecom.net) that black-holed the packets. Both hostnames have since stopped resolving to IP addresses.

Hijack me once, shame on you. Hijack me twice, shame on me.

New HTTP Version is Coming, Won't Use TCP

A new HTTP version is coming, and it will work differently from previous versions. Instead of running over TCP, it will run over QUIC, a UDP-based Google technology.

In its continued efforts to make Web networking faster, Google has been working on an experimental network protocol named QUIC: “Quick UDP Internet Connections.” QUIC reinstates the reliability and ordering that TCP has but without introducing the same number of round trips and latency.

For example, if a client is reconnecting to a server, the client can send important encryption data with the very first packet, enabling the server to resurrect the old connection, using the same encryption as previously negotiated, without requiring any additional round trips.