Twitter Says Parts of Its Source Code Were Leaked Online
Source: NY Times
Parts of Twitter's source code, the underlying computer code on which the social network runs, were leaked online, according to a legal filing, a rare and major exposure of intellectual property as the company struggles to reduce technical issues and reverse its business fortunes under Elon Musk.
Twitter moved on Friday to have the leaked code taken down by sending a copyright infringement notice to GitHub, an online collaboration platform for software developers where the code was posted, according to the filing. GitHub complied and took down the code that day. It was unclear how long the leaked code had been online, but it appeared to have been public for at least several months.
Twitter also asked the U.S. District Court for the Northern District of California to order GitHub to identify the person who shared the code and any other individuals who downloaded it, according to the filing.
-snip-
The executives were only recently made aware of the source code leak, the people briefed on the internal investigation said. One concern is that the code includes security vulnerabilities that could give hackers or other motivated parties the means to extract user data or take down the site, they said.
-snip-
Read more: https://www.nytimes.com/2023/03/26/technology/twitter-source-code-leak.html
People at Twitter suspect the leaker is a former employee unhappy with Musk (which should narrow it down to only several thousand people). The Times quotes a threat analyst at Emsisoft saying the best way to avoid insider risk is to keep employees happy, which Musk has failed at.
The GitHub user who leaked the code posted only that one message and used the handle FreeSpeechEnthusiast. Musk likes to call himself a "free speech absolutist."
PJMcK
(22,034 posts)
Wow.
This is most likely the result of your draconian measures when you fired critical staff. Didn't you anticipate any blowback? The code could have been leaked by someone inside Twitter with access to the code, someone you pissed off. That possibility didn't occur to you? You really don't understand people and they work for you, dumbass. Piss them off at your own and your stockholders' peril.
Perhaps you're not a master of the universe after all. You're much like that other moron, Trump. You've seriously damaged your own brand.
Well done, Elon.
paleotn
(17,912 posts)
Sorry, Elon. That bird done flown.
Just seems like the right sound for this.
erronis
(15,241 posts)
The proprietary walled-garden companies cannot keep their stuff secret forever. It will out.
The best software out there now is open-source. It is purposefully visible and can be forked and modified. Thousands of skeptical eyeballs are far better than 10-20 within a corporate "QA" department.
TheBlackAdder
(28,188 posts)
Sonatype did several reviews of the Open-Source community and found that almost no one reviews OS Code other than hackers, Nation State actors and sometimes college academia. It is a complete fallacy that OS code is reviewed by people to ensure quality. It turns out that people just assume others are reviewing the code and use it. This is causing a lot of problems in almost every data center because companies are trying to go on the cheap and use free source code.
To make matters worse, every major Open-Source project is infiltrated by hackers and nation state actors that are injecting vulnerabilities into the projects. Sonatype gave up trying to assess the amount of code sections inserted after it detected several hundred million. It estimates that the OS community has over 1.2 Billion access points and rogue inserts.
Private code is the best, compiled with special compilers and assemblers so it makes their code harder to disassemble and follow.
Spring framework holds the title for the most problem-plagued OS project. While they are trying to clean up their code, they still hold that title after four years of clean-up efforts. Just look at the major hacks around the world, and a majority of them are sites and companies using open-source. After all, hackers and others know exactly what the code is and, if the companies use standard compilers or assemblers, it makes it easy to penetrate and leverage. You'd have to scrounge the Sonatype site for the reports.
moniss
(4,229 posts)
has just been received by Not Really Bright Moves News: Dateline....... San Francisco........Self-described genius Elon Musk has announced that he has constructed a reward for the perpetrators of the Twitter source code leak. He announced this afternoon that if the offenders will turn themselves in he will drop all charges and provide each of them with a new Tesla set to permanently function in self-driving mode. It is not clear at this point whether this "reward" is anything other than a punishment in disguise.
LudwigPastorius
(9,137 posts)
Hopefully, this will make him want to fuck off to Mars faster.
Mawspam2
(729 posts)
People at Twitter suspect the leaker is a former employee unhappy with Musk (which should narrow it down to only several thousand people).
So that basically means any current or former employee. Clearly, Ewrong needs to fire all remaining employees, especially the ones who live in their offices since they have too much access to his precious code!
tonekat
(1,814 posts)
...when you treat your staff like chattel.
NullTuples
(6,017 posts)
Either way, it's still something to get under Elon's skin, and that's a good thing in my opinion.